General

  • Target

    d9c31bbc359952ebfb3947f66cde7abb_JaffaCakes118

  • Size

    731KB

  • Sample

    241209-qcdcqasraj

  • MD5

    d9c31bbc359952ebfb3947f66cde7abb

  • SHA1

    030177325c1d4f84b5c0f92eb92b6bc766fe5dbe

  • SHA256

    e209f37a1703c946f98c22941f9b38dad96d185ec52a963e154383e521eee99f

  • SHA512

    06779f205f5e9d67738dfafebe0de7e5f73bbe4fc63c12386e1c049b1070ff0d32a9dbac089814c60aeb76558aae5087940d97b7810a59f70a44bf7075331373

  • SSDEEP

    12288:F9uoalDYM1D0XkTWcXu1fdfgfLSSSCSsz6+9XWdxwgNrLhC8JZbVSMX9P:vuoaBz9TtGlfSSTCSsG+tWrwKLhC8bUq

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      d9c31bbc359952ebfb3947f66cde7abb_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

MITRE ATT&CK Enterprise v15