Extracted

• • Target

    cb2de216a16266ffc0c031750d652917_JaffaCakes118

  • Size

    717KB

  • MD5

    cb2de216a16266ffc0c031750d652917

  • SHA1

    cd8fd54cf6fef6910200103d586e1f3f6b22dff1

  • SHA256

    02c0e50dd577fe7727f4c050bee9d9d260021839d8b7798e77d289264ad59b66

  • SHA512

    0ebf884745b3def76a55f771d28bdc71d98264e91167bb5974d505cc497608a3ff769229ed67705f6dfd24b2973c0fdc3c38927c574569bf28d8556f54de43b6

  • SSDEEP

    12288:r5g1NPZi5cwyFpl900fIMel0RtAdWFdFv+JS1Zu6v/WLVa5TFp:r5GZi5Yk0Q74t6WFnM6vDTF

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Drops file in Drivers directory

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2