Extracted

• • Target

    f12a3388d4157a781d43e4ab9594bccd_JaffaCakes118

  • Size

    583KB

  • MD5

    f12a3388d4157a781d43e4ab9594bccd

  • SHA1

    f4396944022e12e88867258e4d9ac04dfc028fff

  • SHA256

    755abefc2b2250d297fd8d971abf23bed13130feaf8eb81150f935e10fadb6ee

  • SHA512

    9899883230987cc266b4c9e08ef5697d33cfb35c3d02b5c806bd116448363076bcb202cdc170c89c6b5351e1c511c42c3f195c9543b74530359f339fa76cffd0

  • SSDEEP

    12288:AWSHVrQxktwW0Z2ZL9hNqFCQYTama57XwtsI/2jTPMD9:AWyVUxvW0kLYFCQGGXW2jTU

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Checks whether UAC is enabled

    evasiontrojan

  • Drops file in System32 directory

  behavioral1behavioral2