General

  • Target

    657d23a710e0d2c2cf05915a188c0799_JaffaCakes118

  • Size

    570KB

  • Sample

    240723-a6w4xsycnp

  • MD5

    657d23a710e0d2c2cf05915a188c0799

  • SHA1

    9b2c7dcc914bbf007e1b8a60631929bbc3672d8d

  • SHA256

    30ec7dae6924bfd6fec1fd6ea65a03a367126e6c4cf5a657c07e7b493e19d2d6

  • SHA512

    71d09b62f13a883b5dbf6c5ed898e38536e478842c14609f1201e273133add3ed733fd15b49a34541453aa597c9ee7d44bf7eebe627529b7f1ece5aa1fb9a8a0

  • SSDEEP

    12288:KzahJViTIBtTR60Sbifnmeb6A+Q5j/HITGq4g/D0EwNzchOKc3T:Kzd0VDSGPzIQ5j/HITG4r0T5chOKO

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks