Extracted

• • Target

    f990a30c06780641f4bcfd5819159920_JaffaCakes118

  • Size

    845KB

  • MD5

    f990a30c06780641f4bcfd5819159920

  • SHA1

    30b59d912eb0be5a0c1dc3d74289dbfd29ddc2e1

  • SHA256

    699f50ae01376f0628f30216198d1f7c112f7da8832f6fb205ab7804a76563a4

  • SHA512

    71239abb85f4cc40836c526a5b84211d1d62972a247ef969980100406a35bcbd9c2f4f9a9bfef3b85597986094cceb2af36d2b183752c7671c27fe0b926d49fa

  • SSDEEP

    12288:Tb6Oh9Zsksli3XRfBWrQcN4K3Dshz5DqdXzfcwr/8FBcjQR5tCIT+:COLZskR3XzYQqTC8rcu/80jSwI

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Drops file in Drivers directory

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2