General

  • Target

    995c49e2c2eae9525f1e0ce31cce33b9_JaffaCakes118

  • Size

    845KB

  • Sample

    241125-fm6f5szmbw

  • MD5

    995c49e2c2eae9525f1e0ce31cce33b9

  • SHA1

    8c8ba5fcb97bb4a1a24382b2f86a3872ad89e14e

  • SHA256

    ee97ff597810405282ff545cd4e4a15013789ad2b8891cd1609eb73c56199e6a

  • SHA512

    095cd1d817d60d0260850f9567371ab0d64421551064108718a9e0695ebb025138240bb9496d4ba2e558504e850895c444943277006d295e377f6a4ea7f3517f

  • SSDEEP

    12288:ob6Oh9Zsksli3XRfBWrQcN4K3Dshz5DqdXzfcwr/8FBcjQR5tCIT+:LOLZskR3XzYQqTC8rcu/80jSwI

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor
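The encoder named in the extracted config is Metasploit's x86 `call4_dword_xor`: the payload body is XORed four bytes at a time with one 32-bit key, and a short decoder stub (which finds its own position with a `call`/`pop` trick) undoes the XOR in a loop at runtime. The helper below is an added example, not code from this report or from Metasploit. It reproduces the dword-XOR transform and recovers the key by known plaintext from the first dword, using the `fc e8` cld/call prologue that msfvenom Windows stagers typically begin with. The demo bytes and the key are constructed; the stub itself is not parsed here, so on a real sample you would first locate the encoded body after the stub.

```python
import struct


def dword_xor(buf: bytes, key: int) -> bytes:
    """XOR buf with a 32-bit key, one little-endian dword at a time.

    This is the transform applied by the call4_dword_xor encoder. XOR is its
    own inverse, so the same call both encodes and decodes. Input whose length
    is not a multiple of four is NUL-padded, as the encoder pads the body
    before encoding.
    """
    padded = buf + b"\x00" * (-len(buf) % 4)
    key_bytes = struct.pack("<I", key & 0xFFFFFFFF)
    return bytes(b ^ key_bytes[i % 4] for i, b in enumerate(padded))


def recover_key(encoded: bytes, crib: bytes) -> int:
    """Known-plaintext key recovery for a dword-XOR layer.

    Because enc = pt ^ key for every dword, XORing the first encoded dword
    with the expected first four plaintext bytes yields the key directly.
    """
    if len(crib) != 4 or len(encoded) < 4:
        raise ValueError("need four bytes of ciphertext and a four-byte crib")
    return struct.unpack("<I", bytes(a ^ b for a, b in zip(encoded[:4], crib)))[0]


# Constructed demo input: an msfvenom-style prologue (cld; call ...; pushad;
# mov ebp,esp) under an assumed key. These are not bytes from the analysed sample.
DEMO_PLAINTEXT = b"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5"
DEMO_KEY = 0x5A3C7E11
MSF_CRIB = b"\xfc\xe8\x82\x00"  # first dword of the block_api stager prologue


def demo() -> bool:
    """Encode, recover the key from the crib, decode, and confirm the round trip."""
    encoded = dword_xor(DEMO_PLAINTEXT, DEMO_KEY)
    key = recover_key(encoded, MSF_CRIB)
    decoded = dword_xor(encoded, key)[: len(DEMO_PLAINTEXT)]
    return key == DEMO_KEY and decoded == DEMO_PLAINTEXT


if __name__ == "__main__":
    print("round trip ok:", demo())
```

When the prologue is unknown, read the key out of the stub instead: it is the immediate operand of the `xor [esi+disp], imm32` instruction in the decoder loop. Either way, once the key is known the whole body falls out of a single `dword_xor` call.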

Targets

    • Target

      995c49e2c2eae9525f1e0ce31cce33b9_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
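The two registry signatures above are the kind of thing an analyst would confirm from the sandbox's API trace or from Sysmon registry events rather than from a hit count alone. The script below is an added example, not part of this report, that runs that check over constructed registry-read telemetry and reports which evasion signatures each process triggered. The key paths (`HKLM\HARDWARE\DESCRIPTION\System\BIOS` for BIOS strings, `HKCU\Software\Wine` and `HKLM\Software\Wine` for Wine) are the usual locations and are assumptions here; the report does not list the exact keys the sample touched.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Assumed key locations (common practice, not taken from the report).
BIOS_KEY_RE = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS$", re.IGNORECASE)
WINE_KEY_RE = re.compile(r"^HK(LM|CU)\\SOFTWARE\\Wine(\\|$)", re.IGNORECASE)

# BIOS values that samples compare against VM and sandbox vendor strings.
BIOS_VALUES = {"SystemManufacturer", "SystemProductName", "BIOSVendor", "BIOSVersion"}

SIG_BIOS = "Checks BIOS information in registry"
SIG_WINE = "Identifies Wine through registry keys"


@dataclass(frozen=True)
class RegEvent:
    """One registry read: process id, image path, key, and the value queried
    (None for a bare key-open, which is how Wine is usually probed)."""
    pid: int
    image: str
    key: str
    value: Optional[str]


def sandbox_checks(events: List[RegEvent]) -> Dict[int, Set[str]]:
    """Map each pid to the set of evasion signatures its registry reads trigger."""
    findings: Dict[int, Set[str]] = {}
    for ev in events:
        hits: Set[str] = set()
        if BIOS_KEY_RE.match(ev.key) and ev.value in BIOS_VALUES:
            hits.add(SIG_BIOS)
        if WINE_KEY_RE.match(ev.key):
            hits.add(SIG_WINE)
        if hits:
            findings.setdefault(ev.pid, set()).update(hits)
    return findings


# Constructed telemetry for the demo; not the analysed sample's real trace.
SAMPLE_EVENTS = [
    RegEvent(4120, r"C:\Users\lab\sample.exe", r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    RegEvent(4120, r"C:\Users\lab\sample.exe", r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
    RegEvent(4120, r"C:\Users\lab\sample.exe", r"HKCU\Software\Wine", None),
    RegEvent(4120, r"C:\Users\lab\sample.exe", r"HKLM\Software\Wine\Config", None),
    RegEvent(880, r"C:\Windows\explorer.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion", "ProgramFilesDir"),
]


if __name__ == "__main__":
    for pid, sigs in sandbox_checks(SAMPLE_EVENTS).items():
        print(pid, sorted(sigs))
```

A BIOS read on its own is common in legitimate installers and inventory agents, so treat it as supporting evidence; the Wine key probe has no ordinary reason to appear in a Windows process and is the stronger signal. Seeing both from one process, as the constructed trace shows for pid 4120, is what the two signatures above amount to.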

MITRE ATT&CK Enterprise v15

Tasks