General

  • Target

    df1e6663cbc90e91fbb70b3199335d26_JaffaCakes118

  • Size

    532KB

  • Sample

    240913-3vvqyawfpe

  • MD5

    df1e6663cbc90e91fbb70b3199335d26

  • SHA1

    31aa1340f1fc4cfe4dd966553e113bfb75ac03fa

  • SHA256

    e392a10894f21f58de122a16b8721104f965d2381b64ff614a90ae7f19db256b

  • SHA512

    bf51b4b34966ae5289ea92b90d3ef43f0f464f3ad4b9293d1f106ef6a3c0bb4457ddd02cbf5714e12a8d0bf5cd7e99e302d955f98129480c4a5416017649b75f

  • SSDEEP

    12288:+NuaIsd+lbShO2PLOHKwsYyHBsU6lxSnyYxYKSCh3BeQs8j:+oaIzDWLO/sYyHBp6in1xcCh3BeQs8j

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      df1e6663cbc90e91fbb70b3199335d26_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks