General

  • Target

    ea38989a8f7fecf381a9def8fd2b9618_JaffaCakes118

  • Size

    719KB

  • Sample

    241213-gp6qcssjgp

  • MD5

    ea38989a8f7fecf381a9def8fd2b9618

  • SHA1

    24be2a580100130a172240eee410fe60936b4a18

  • SHA256

    e66ff985ac7fc53ecc7da34b284c6149dd7e5548c67949af4842f685ba10f937

  • SHA512

    888cef4ab9e1cccf5b37a33113cb4fd50a627316ec3ba4191a84b56d11d73847129998a45916af8145917c8582b164e793573ecd1c0717365b421f26111a3951

  • SSDEEP

    12288:7dZykUG66miu/Z1QBc4h59fwJMlVgeR/9LTUpdbcrbPQ8/nBUExPjORbkpqwc7sd:5Z2G66t+x4hUmL/9Apdbcoc5xOlk8z5I

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Metasploit family

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

MITRE ATT&CK Enterprise v15