Extracted

• • Target

    bcd874515272d8710cf53e748ad15d3f_JaffaCakes118

  • Size

    531KB

  • MD5

    bcd874515272d8710cf53e748ad15d3f

  • SHA1

    fad2e3fce86bfb13740f68cf614fe9c79303ff68

  • SHA256

    e97bc68195d88e5bf261a12619c869ec3708e33db7236d26c406f12037a4c024

  • SHA512

    9ed56fe516f70b1d414b83e4b1e8bec2d5a59c9d87e6cd3ad2a74f6ae18f64683013c55f159f007c4372c2f4d9460ce6903a45bc4eed9a8c9bdfb7d3b1f80e2c

  • SSDEEP

    12288:KvwHhePFcKICBvVrAEChDHUkariqZ4H9t5IJSXMw9/ZUR:lHh6xBabhD02caiJSZw

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2