Extracted

• • Target

    ebb8f6a9404068518cf8e14da9df95c5_JaffaCakes118

  • Size

    519KB

  • MD5

    ebb8f6a9404068518cf8e14da9df95c5

  • SHA1

    06851421db48a190c656eaf65d6919cb242572cc

  • SHA256

    cb54b281d83fd949fca3317e5d7b9fa941ebb6cc183bea69c7334bd0c0b92461

  • SHA512

    6538129c0b64c6d738f3b51eee41d7d6120811106fba35efdbe72b39c08339ee23af657a622608e914a0e156186fadde25fbd3d3a63c24ccc343d14402a56f59

  • SSDEEP

    12288:7+wUcCTJ5iUtD/ZDedM7hxUysgX3GkN1+O7YricUWe:7+PcCTJ5igVSWPX3GkmJr9UWe

  Score

  10^/10

  metasploitbackdoordiscoveryevasionpersistenceprivilege_escalationtrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2