Extracted

• • Target

    ee4c17a615094e87e2d53c538ec7f784_JaffaCakes118

  • Size

    88KB

  • MD5

    ee4c17a615094e87e2d53c538ec7f784

  • SHA1

    83e8ce3ab3e766980d33626fcd0f7f94c1d34ca5

  • SHA256

    ebdf2f82030f476384179ffccd0d20b24bc1e90c561ccb5d939b4d8293fdb21d

  • SHA512

    cce0804a3f7c53761994e855c06e3b94dfea306ce254a36d306b3c18000387c2891431aa5adf395b80d60c0bc8701d8a13ce8f94b30e46d2ceaf48594cf044f1

  • SSDEEP

    1536:j+iFaEtB4Y//aXoo7YMMHYKXrX7QTW3j/VFVi/MV2CJMfdT:j+iFaEtiY/iXooMMMRXb7CW3j/j4SAT

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2