Extracted

• • Target

    e9870a5923a6465f1de82913057d067d_JaffaCakes118

  • Size

    669KB

  • MD5

    e9870a5923a6465f1de82913057d067d

  • SHA1

    ebbfa6c936700f91b5f60e6bde89d01c52c66ad8

  • SHA256

    8346fdeae864f4f832ece128bcdce790098a1a8e1fe1f8c74a0cb0444e9bc3e4

  • SHA512

    eab5c6cedd9b8488689b385af0985e7e9d07679ae16bccccbaa9d1121bdd3ca1c6c94586429cc5ce3f423ce4e08190a1a0055dc1a39545bea35238e3bf0cfc27

  • SSDEEP

    12288:T0aNzHaQ9DA44VdmIULqiTIYIt2Y/ZNbi3XxWN1RrfoaKWEe659aK:oal6+DNqohLH/IffR0aKN9X

  Score

  10^/10

  metasploitbackdoordiscoveryevasionpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Modifies WinLogon for persistence

    persistence

  • Modifies security service

    evasion

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Drops file in Drivers directory

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Deletes itself

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2