Extracted

• • Target

    fbecfcdcecb37890c0dfee2153e02c07_JaffaCakes118

  • Size

    212KB

  • MD5

    fbecfcdcecb37890c0dfee2153e02c07

  • SHA1

    c5084216b1903c0ba876dc7c7becff0738ed1457

  • SHA256

    88dc07e6f9603f35cff1dad0a3d20d514064c5b5fb3edd1abcc16929e0d63902

  • SHA512

    d5b38302cdc326bbd1cab006c471def2ebb6e6ba167f719a4bf188296e955a4dbf8fea7c50c5a771ff2486a3d35be74eaf7c5dbc4bf314698fd8e2948fd5d58f

  • SSDEEP

    3072:RWaNLnxKF4AzEsw+DEchlvdxdeTBQnU96dpBIAnli3mF:RW8UhwDcTvdxoKUUdNn42F

  Score

  10^/10

  metasploitbackdoorbootkitdiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2