Extracted

• • Target

    bcb6ae3a7e384d6bd2b189b0c81fdee6_JaffaCakes118

  • Size

    555KB

  • MD5

    bcb6ae3a7e384d6bd2b189b0c81fdee6

  • SHA1

    711bdc0ba64888d63debf718f65212694b250af9

  • SHA256

    f4a2b8173b0c4ca15ff55553a5441b9ff61ccaa53d36b680cb279b9284b97ada

  • SHA512

    d96c5024ff91f638e34da565e536bb7f8bbae19d99da4212b587f828d673caf78729150f337b60d0dc0ca354ba3c9b397ac0abb968940852635bc3efb3e8e882

  • SSDEEP

    12288:+NuaIsd+lbShO2PLOHKwsYyHBsU6lxSnyYxYKSCh3BeQs8/:+oaIzDWLO/sYyHBp6in1xcCh3BeQs8/

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2