Extracted

• • Target

    JaffaCakes118_09e68dbbe09df532b2e3cc4a6b9d0c07

  • Size

    324KB

  • MD5

    09e68dbbe09df532b2e3cc4a6b9d0c07

  • SHA1

    195c3ccf009f64651f01f5fe7593dd2a6f4c5bfd

  • SHA256

    7b77e31510113c93272e6c9deeaa2932912aca6ac5483f19cd1be05d8ed13da5

  • SHA512

    da34c28b7a998d2299adbf5f2009cf2bfc63b3feedb6fc53bc8f3c189a0f0114906fa51789ecbd9aee1b540a423349a7b4fd819845c8a4003c49bfb0d3561a60

  • SSDEEP

    3072:0cqk3ftAphksJ16FbnlE7iWKOvphsM8nVcUJ9i4RGHbp8lt07qEPUYPE2CGb:0cqk3ftA/L+M8nVzmYGHuUE2

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2