Extracted

• • Target

    fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118

  • Size

    529KB

  • MD5

    fbb58548bfeccd6a4527afe7c54dfb40

  • SHA1

    f405d936bfb4765a9dbfcf4f658b097aafdeef6e

  • SHA256

    2f4e4271679970807947b1c1bd3d8c8281f1bfbc6a15a1e1dfcfeef5e30b77ca

  • SHA512

    9e55ae83a08b12da9cd17cdcf01f2cd12ae9064c4d899f9086bd049764a83a21ce5d18274eb612fea357eca652c44b85ab1996c537b34809884bac4375490db1

  • SSDEEP

    12288:IuQR86TZUJgushyTe3Chl9rxdk0ERno19p2N5188AUmxpXu3TdYZZZZZZZZZZZZZ:IuQfTZUJgushh3Cn9ldUY9Qr18TxETOp

  Score

  10^/10

  metasploitbackdoorevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2