Extracted

• • Target

    e801b83684d1fcd39b5ddb7261021416_JaffaCakes118

  • Size

    719KB

  • MD5

    e801b83684d1fcd39b5ddb7261021416

  • SHA1

    84d226985e5ac40e21b04b7ea90050f84cb89e0a

  • SHA256

    e925cfcfb07f04e3f5709f761af88f8c307d9d062725f1b1afd7a00356d21002

  • SHA512

    26d59030b3016e9e8390d2b54e41d29c14e7378e90788413800d839a37b08c0c9e839fe075b1f04fc4add9d9bc0716c1e07cc905e13060b0e9f274da146963ad

  • SSDEEP

    12288:7dZykUG66miu/Z1QBc4h59fwJMlVgeR/9LTUpdbcrbPQ8/nBUExPjORbkpqwc7sm:5Z2G66t+x4hUmL/9Apdbcoc5xOlk8z5V

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Drops file in Drivers directory

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2