General

  • Target

    a3a19fed86f849452a5f9a932d786257_JaffaCakes118

  • Size

    662KB

  • Sample

    240817-w15prszdjc

  • MD5

    a3a19fed86f849452a5f9a932d786257

  • SHA1

    a0599c81b9451c0da3906963f50c6d277a9ea781

  • SHA256

    2d1bbac2ea535b4a0088c30d8d33e787ffc64dd4a959311f8a6dd7815bbe867e

  • SHA512

    90e6d0a6557004b163593b8e85fd45bc9a4a8d50fe8664c43c4bd10161aa015d5514028ec60863584113658b5a4bbb4d675e7cd2376e1bcbb96fe2a621f15cff

  • SSDEEP

    12288:fiGCy/mtbYLSYaRL1LrY8FJP3tXSyvjHDRX/LtoZS6nV32T3wc:fiGxYO6RL1nYqCyjl/Kn

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      a3a19fed86f849452a5f9a932d786257_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

MITRE ATT&CK Enterprise v15

Tasks