Extracted

• • Target

    b4108823652c261eb828bc8aaf351551_JaffaCakes118

  • Size

    532KB

  • MD5

    b4108823652c261eb828bc8aaf351551

  • SHA1

    e6ffcaf31949acda7ff035f8ef7128fb4748eae5

  • SHA256

    e14c09c2bd9a5ebc199b97288d9da2bb06c8644aa913b918f3a9c38ae870c9cd

  • SHA512

    985d80ea161e3d003302a144857171ef93b556b1d2d6ac12e00b691e1b7328157188ef36d7b65b290d29ae0d3e7affb17fc0d322c92115c4aca60d5d369da5c2

  • SSDEEP

    12288:0jhqS1t21/xRfD+ATnhzAWfpHv/WJoChHIV:0YSoJRfreW91CiV

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2