Extracted

• • Target

    aff41cabdb836ca44cf7c002d5fc6313_JaffaCakes118

  • Size

    792KB

  • MD5

    aff41cabdb836ca44cf7c002d5fc6313

  • SHA1

    e4eefa6f1dd43fcac5e9393cea678f16b07b68a8

  • SHA256

    01b79f79e42eb0a1c6c752ce88ba595ae411217c61ae7a062ba891b413fdff98

  • SHA512

    a6ca3c126252b8e4f12aed0626df2ffa70784850cf54057057798b12fafee4a355acd18dc60dab8fa608f8824e3726313b4212e9d3a65d7eca0ff4a4c8c73581

  • SSDEEP

    12288:R9ZgfZb6NmRxCvx+Tz2Vg8ZXt3UOr3lzyVexZw6IJ1uNbw8F+fp/CTu/2Wsxrv:R7IFak2VRtEUVyVezw3JKU8FEp/9fsd

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Drops file in Drivers directory

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2