Extracted

• • Target

    f4924470bccbb6876bc2dc951078f8cc_JaffaCakes118

  • Size

    60KB

  • MD5

    f4924470bccbb6876bc2dc951078f8cc

  • SHA1

    7f5d342736eb9fbd462d7838d449e6c105ae5d4c

  • SHA256

    573eddb9b6bd8461992dd0249c292bdb145b4c43f132ae8ad0e8a118df5ed50e

  • SHA512

    145a8b59fb55abeecc633c01c20c4259231ac662139e89ad8cd8c03d71b562f2f3e676aa03d8500dd9feac8485cada2e4ee3d0111518d9261b8951fd46aad4af

  • SSDEEP

    768:HdaAz9JYLEoryFTFXlUGTFD5T3RUprmoPImfvhwxuJ13d53B:gAzEYxHlUGD5ormcuuj/3B

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2