Extracted

• • Target

    f6497f8e7f48caa1b9a533994c5c93bf_JaffaCakes118

  • Size

    665KB

  • MD5

    f6497f8e7f48caa1b9a533994c5c93bf

  • SHA1

    9b728addc5658a8b93ac9e6a3593d0de64b0e0b5

  • SHA256

    57d30a2e6cbcea01a01a8b65f13d6dd1c307a194a804f976fa5c6e90f30d0837

  • SHA512

    62b20ae6819160aac5866ab47f9254b071d88cd0215cfc06fe774375b4b974e83fae6312d7b867f812edb8fe75882a7584b8bf794acd1e1fe359006b43867aa1

  • SSDEEP

    12288:67ZH7lDbhLpfP7UuDnl6mD4JY8QTjujWemPfXP7R:ClfhL2uDnltm7EjujWvXF

  Score

  10^/10

  metasploitbackdoordiscoveryevasionpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Modifies WinLogon for persistence

    persistence

  • Modifies security service

    evasion

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Deletes itself

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2