Extracted

• • Target

    f1c843be0c0b8bd3a45bd085292a35f4_JaffaCakes118

  • Size

    538KB

  • MD5

    f1c843be0c0b8bd3a45bd085292a35f4

  • SHA1

    0c3008c7693f3dc8c0147ec91868f4955ca2705e

  • SHA256

    3b6a10706c67feb2ed16ccf8ef30987ba451a7674a6ab0cd8bfb569bcc89f135

  • SHA512

    575bbf300fdb23aa967c454488419ef1ce12605a9a74baa36a84368e93983aec228d200b5ff7cfa06a6e0c78582b4f2d70d5578227c1975a707a811c4b16cedc

  • SSDEEP

    12288:lA3bXIZrTpuJZJ+Ns1pBGqZ/Uz1NIn6JqgOVn:lkXknpu/+sDZlUSb

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Drops file in Drivers directory

  • Deletes itself

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2