Extracted

• • Target

    f3176f5257ecdec0ddc8e6d581791686_JaffaCakes118

  • Size

    128KB

  • MD5

    f3176f5257ecdec0ddc8e6d581791686

  • SHA1

    e1a73413ab9ac08449b6906d06f6741750f2b5cc

  • SHA256

    d79451ddda0a795ae6bf7b1972dfb4642cf6225c8537c0f2de22f8fea66661ea

  • SHA512

    8dcf1bb210be66d849cbf50c418592c1f303996294af75e593d2db4cc1be31486ed24e0189df46b6935998cc21faa614c2c8dd9693d25fe6c0c4557dc792987c

  • SSDEEP

    1536:uqqppM+b/PjVsxmbClhlQruAlHIIgi/isC0YCt0Q7FjFRD2IDA/rWgyN3bF:u1TsxOUPQruYfR/isl50ClD2IEKJz

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2