Extracted

• • Target

    e5187b2eec6ce7f9292bfb9a0b835e4c_JaffaCakes118

  • Size

    722KB

  • MD5

    e5187b2eec6ce7f9292bfb9a0b835e4c

  • SHA1

    111fe31ba8ebdd73029041c924388ad60c8befe3

  • SHA256

    6719fec4f8363ff695ac4d888b74dc70360bea5be738336d13ded79958b2762d

  • SHA512

    aa0de70529c20469a28b83586322ee0018f5e2f896772b4bc5cc32d3782df25645934fe3d9676032a9346b98c9e5c6a3d0bdea086991ba3666566c382f483119

  • SSDEEP

    12288:1aaRrhY8+ttdfix6GzpXafQwbgCXGRQQnbsKR9XDEONdTaxbzk/EK4FRTrVb4TYS:IUMtt3+4YwbgCWalKvXNMpznpRTr94Tl

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Drops file in Drivers directory

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2