Extracted

• • Target

    f0427edfb3d0edaa7b7018f358c9ab67_JaffaCakes118

  • Size

    926KB

  • MD5

    f0427edfb3d0edaa7b7018f358c9ab67

  • SHA1

    b564f2a753359d9f95bc4cc29ce0a93c7710905c

  • SHA256

    80c1af762d414f6f5bc3624ab3999bb823ab837dad1c3de25285d542f6bd9ac8

  • SHA512

    30caf0bd6b7ef5a297cff6d87dc054723aed10f94bdd74313baf559216a9be5fffa6c99bc5836896630e05759ebeb3cec532bbe4db2dbc2878d6bf8b51838a22

  • SSDEEP

    12288:E8AAh/NHUhxzzdvEwE/wzUOMlq5nj8gg/c8UY6AfV4kzQeGo19deJHRbxEcw7gEk:DghxX1IMqW1RcTcQ/mHR5w7ewqv

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Drops file in Drivers directory

  • Deletes itself

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2