Extracted

• • Target

    fd11c1893856c325caa5ae392d03277b_JaffaCakes118

  • Size

    64KB

  • MD5

    fd11c1893856c325caa5ae392d03277b

  • SHA1

    7cf857ea50a90fce7b6064940a7f3440ad3721fb

  • SHA256

    3970ffa18574d2d0e646f552a9e2779d4a6ee7a034f2a19b76ddc4fae96fbb69

  • SHA512

    ab1dee0064f11121857212109c29bfe6f5b8b7e0c71c5d97427f2d610ac0e7dea8c0a56e71059cb56c7f7df29d6631c89decfb9ecd302dbc42c3ebf86a614ba6

  • SSDEEP

    768:KThC4H1vPTXMyIEw2demgl1SKx322BOL5YaK5HV49lZ+bgzpMPR5HCFQd00t3sz2:KzvPTXfIkMl1/c5Yf514oOp23CF0qM9

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2