Extracted

• • Target

    e67640cd341abde8cb55bd9aa3fe6f86_JaffaCakes118

  • Size

    531KB

  • MD5

    e67640cd341abde8cb55bd9aa3fe6f86

  • SHA1

    f8cc7a10e21eb36b64790337c9ad99766c346bc5

  • SHA256

    d6ea739e498f5931b8fbe3881001e343a64cb5755d3df4635b70df2beecae02d

  • SHA512

    e74ef64e22bc606d111b07345251e89b527d85f1f5b8e692940f9c8051f234d281a84f6579142ba2824aafe6b5b024d143a2eb3293c336fa17c1d9bc2f251385

  • SSDEEP

    12288:+NuaIsd+lbShO2PLOHKwsYyHBsU6lxSnyYxYKSCh3BeQs8/:+oaIzDWLO/sYyHBp6in1xcCh3BeQs8/

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2