Extracted

• • Target

    d7224e74e036c548979f2c828f29d1dd_JaffaCakes118

  • Size

    669KB

  • MD5

    d7224e74e036c548979f2c828f29d1dd

  • SHA1

    db1cbb333f0cba5c9ee07f5ccc92c2be4bfacd85

  • SHA256

    f7cd1ade5965c8b5a08919d9e45857c1c6e512890fa75a321e9724b5c3603091

  • SHA512

    bc1a990bcaf671880946182d1233e99ca911a0f496859f807f353fa849ebf874b7e5f92afebd23cdcb1656c7e373c78c0746a76d64938cac28808c75b6ef1241

  • SSDEEP

    12288:liGCy/mtbYLSYaRL1LrY8FJP3tXSyvjHDRX/LtoZS6nV32T3wcLt:liGxYO6RL1nYqCyjl/KnYt

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Drops file in Drivers directory

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2