Extracted

• • Target

    8f128e6c0c42bd73084daf6f42e79663_JaffaCakes118

  • Size

    760KB

  • MD5

    8f128e6c0c42bd73084daf6f42e79663

  • SHA1

    26c5ebb8f7394f8d9a46b7b5cc13fddcdb786535

  • SHA256

    06d0053abd5c3b62b77f18d22db7bb4646e26c1433cfbdfe76747195c23d5654

  • SHA512

    229b8e7a5b1bcef6227dc9158b873730ce31e4e719861d1b63874c4f974a08e322e9622d70cd4e04a776a3001a356681edd093770762d18f84f77908b6a9b391

  • SSDEEP

    12288:Yc4HGMupg4/8gsJwI7hJiCc9NNfftsAd/cYbQQNWQvviR1qxYNpl/RF0k3hf1Q5l:H4HGPyRdozvtryiQQNN3iR1n7HNhf1QH

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Modifies security service

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2