Extracted

• • Target

    ffa5a0b99cc07904845f6d2b4a64d6dc_JaffaCakes118

  • Size

    88KB

  • MD5

    ffa5a0b99cc07904845f6d2b4a64d6dc

  • SHA1

    d747355bde85c831f70dee9baabd30a72717d01f

  • SHA256

    340f6b520917256ae61fb9257468fe69227fbb4617e9692dbd0c9526cdc814ef

  • SHA512

    86c0b0d1a009286fd16c7269765e5324ea8f569abaad9f846f406478f752adc92bd239301ddccb855e29195b8f90cb32fc7680b507124d5fe02e632fb975c1ed

  • SSDEEP

    1536:5+iFaEtB4Y//aXoo7YMMHYKXrX7QTW3j/VFVi/MV2OJMfdT:5+iFaEtiY/iXooMMMRXb7CW3j/j4eAT

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2