Extracted

• • Target

    a7cb4e1f7670d76797dfafc43d660796_JaffaCakes118

  • Size

    729KB

  • MD5

    a7cb4e1f7670d76797dfafc43d660796

  • SHA1

    7be7733a4b0d0dc5d999ef584fc08f7d92b84335

  • SHA256

    062e409afc0976442ed707403116a0250e3de12395d4738f9974b6aace8d5aff

  • SHA512

    3834e8fd2f937dd2fd104d64747ffa32c6ac216e89a7c42dfce95f6cff5a2c0c67a43d7cefcb64952db1fb67bb616faed785b13e5494ec86832737c8769ce6a5

  • SSDEEP

    12288:KMGMGm3PRfXWLcm/bbqd+FlbLdDJa4fdhO+bx6XJQNTd10TzDyErKAUxr:F/Re4mjjBL3a8a+9/D1OprK1x

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Drops file in Drivers directory

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2