Extracted

• • Target

    JaffaCakes118_174dba41ec4881f5ff7d94042dcce4a1

  • Size

    570KB

  • MD5

    174dba41ec4881f5ff7d94042dcce4a1

  • SHA1

    b8079a70fdd7f0f55cdf472f623eab58904e07df

  • SHA256

    52e2ea6fac35fd7af7d05dbde97e61f7fe0f6a5d176ab2ab77d082d40f5f0db4

  • SHA512

    dd6aa4381a2df897af9d736c318dd3fbba17ae55484e1a748ea0d75709a477cfd8ce4c4712c96c2abc8994c43dbe1695ca55bfdf6be003a0f711716a489591dc

  • SSDEEP

    12288:uJCMlMkhe4CikRpy06CuKWIcByY2Tfw9hSal3w5GpFQv8:a9MpyJKfR7TI95KGU8

  Score

  10^/10

  metasploitbackdoordefense_evasiondiscoverythemidatrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Modifies security service

    defense_evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Drops file in System32 directory

  behavioral1behavioral2