Extracted

• • Target

    8e88af0135a490ce9edb4a2e2dbe0036_JaffaCakes118

  • Size

    522KB

  • MD5

    8e88af0135a490ce9edb4a2e2dbe0036

  • SHA1

    329ae237b097dbac5f29bf233db8d2aaf2b0aaa4

  • SHA256

    d9af634353937ca452cd1c9347a59bfb3911ff6a3136cd86c365d40c748641e4

  • SHA512

    5dfd3ed34d9f581b0ab34c8dd675a92add7a55a5b9ac7f3ed58aadd1257ba87e8782abf147fedd01723cf90a506c90f05d71edbd856270b3a0301ad0b35bf608

  • SSDEEP

    12288:BTIIYMqm3m4XR1oKBm4pQLfN+uqMTiVB/z0d+lGG:BToMF3jh1ocGV+lMT29G

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2