General

  • Target: f52ef977885850cabe59782db6385a64_JaffaCakes118
  • Size: 776KB
  • Sample: 240925-e26j1syara
  • MD5: f52ef977885850cabe59782db6385a64
  • SHA1: 094690ae6f4ae2ac651385dfb02099f62bea50a1
  • SHA256: eb67d9e27db06ea3749c7df09fa5815edd0d430e4da202072fc3c00026349c6d
  • SHA512: 19d3e89cd276580d5b51e5deffc442459b610f30e0629a1f49748d89b4a26bdde6b1ddc5c8a6b779adcfb6f19cae318f668fafef0dca4fbb4330e00cd5920483
  • SSDEEP: 24576:aXytXN4FXT6SdqtURjZnli5kRlM7fDG/:OytX6RTjqtURjZlaGlM7D6

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/fnstenv_mov

Targets

    • Target: f52ef977885850cabe59782db6385a64_JaffaCakes118


    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies security service

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
