Extracted

• • Target

    JaffaCakes118_b8b56401ea79643f428847bfe2be5b25

  • Size

    65KB

  • MD5

    b8b56401ea79643f428847bfe2be5b25

  • SHA1

    1ead1f06ffdf21b7e1262255b85ada089ab715ea

  • SHA256

    d12ee3db69b06b07f617cc7f32b4c14b54575cd9751bfbc2d8f4d667520f91e3

  • SHA512

    f09c8d5c1ea8bf089bb33a3296fdfff5d99319628760f032f6e93fe414b385f0efd2fc2108c306c4aa33eb9bd1ca612e6494aad063721db8d26f4a6696d2a172

  • SSDEEP

    1536:jFZ6qSjJMUzA4w+x57r98zbgSTDK6lKBnMX7FI/9Puo9U:GTJMUzJNq5GrBMRI/92om

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1