Extracted

• • Target

    8cfc3beda86805f73baaaf77fbb0e9be_JaffaCakes118

  • Size

    725KB

  • MD5

    8cfc3beda86805f73baaaf77fbb0e9be

  • SHA1

    65ff34fef13df23f2be4a2013f1895e3b20cad33

  • SHA256

    d2d6f3df09517a6327d009c71192b24099a0c290a460395429db74fe9e8d3513

  • SHA512

    c1d0666e18391ee47f0c48c2f57cf6af7361473df787a52257b2319c20a6d5a0b2f418480f65b0e58c8970fede86d7c4be8d6547ff35cbe871f103fbedfe58c5

  • SSDEEP

    12288:zUzuJ41kfzopJpegOIuATdfEEtIIRGhDNbYhihmbty8sE/GRRaquHsBg3F2u9lMK:IyJAk0DpbZcl9ZbYgy5GbavH0gF1

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Drops file in Drivers directory

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2