General

  • Target

    d8a234c55b61536b5c33c855d58ebd04_JaffaCakes118

  • Size

    749KB

  • Sample

    241209-jwexbswmen

  • MD5

    d8a234c55b61536b5c33c855d58ebd04

  • SHA1

    d73a64e47f6ba3a039b283e58a3c14c0ed51b198

  • SHA256

    0646b625fdc45430d811f7d90877913d256681c50e6bab965f0a463cab0ac178

  • SHA512

    3843931316131ae15875bf08646d7dae8377bcc21ee5099016e0a7e4822948f8be8fd4cf1388b00cb4ba2cbd8cf4fa237751679777b2be5dd0dd780daa73fd8d

  • SSDEEP

    12288:rARl8TY343PWjChiK5WArjld1RmL9UmmnMCRsRKHChWbOEyFwHDGEDzlVq71QaW:kRlBjadFdmL9hVCRsRKihCySHDGQVqWJ

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      d8a234c55b61536b5c33c855d58ebd04_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

MITRE ATT&CK Enterprise v15

Tasks