Extracted

• • Target

    f3921766d38aad57d9796606a1af637a_JaffaCakes118

  • Size

    155KB

  • MD5

    f3921766d38aad57d9796606a1af637a

  • SHA1

    ec5153dc667c97830dab4ad98a2d6f3318669b95

  • SHA256

    f39ba67a2c44d2ab80263caa35036b7b2b5d8ff378e1c813de1f92e76df954e8

  • SHA512

    85cfd202a71ddf79cb7e5aa18873470db16515a5f265f0cb49f6c214e3733add5689bae4a65921694ae13308cbed6f7cc4a724657d56532b7dc3f1e2d1dd2166

  • SSDEEP

    3072:2w1mIgMRQG6pO0TVAwMomXdKDf7vT4CiZ2kx:2wC+AWFN8vT41Z2k

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2