General

  • Target

    9678eb57d57dcb7e25fd9ed8cc8aa38d_JaffaCakes118

  • Size

    550KB

  • Sample

    241124-w61m1asqbs

  • MD5

    9678eb57d57dcb7e25fd9ed8cc8aa38d

  • SHA1

    b6a3ddf99a89570f081420608defe0a8b4fb28f6

  • SHA256

    8144583e891884b7e48f7968a0ef249e6157a6eca6e31977d7a1015aa958c64e

  • SHA512

    c662cf52d5ec9e0cb74baa653f335274288a1836387c466e3bd1930cd96110cf316d71438ffaabdeb5da66c93a069dd0e1c251d3f175be3c36a0fa066a7d98d1

  • SSDEEP

    12288:VcEQ6UT9gVbiG9AuVjq0OlQjRkJcYbA3Sv0XmxJ:S56UB49Auh1OlyT2A3StJ

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor
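
The extracted config names the x86 call4_dword_xor encoder. Its decoder stub is a short fixed byte sequence: set ecx to the dword count, `call $+4` / `pop esi` to obtain a pointer into the code, `xor dword [esi+0x0e], key`, `sub esi, -4`, `loop`. The 4-byte key is a static immediate inside the stub and the encoded payload follows it directly, so both can be recovered without running the sample. The Python below is an added example written for this page, not code from the sample or from Metasploit: the stub bytes are the ones the Metasploit module emits, while the mini encoder, its NUL padding, the sample payload and the key are constructed for the demonstration.

```python
"""Locate and decode x86 shellcode wrapped by the call4_dword_xor stub.

Added example.  STUB_HEAD/STUB_TAIL are the fixed bytes of the Metasploit
x86/call4_dword_xor decoder; the encoder below, the payload and the key are
constructed here and are not msfvenom output.
"""
import re
import struct

# Fixed stub bytes.  The 4-byte XOR key is spliced between STUB_HEAD and
# STUB_TAIL; the encoded dwords follow STUB_TAIL.
STUB_HEAD = bytes.fromhex(
    "e8ffffff"  # call $+4   (5th byte of the call is the 0xff below)
    "ffc0"      # inc eax    (its 0xff doubles as the call's last rel32 byte)
    "5e"        # pop esi    (esi = address of the byte after the call)
    "81760e"    # xor dword [esi+0x0e], imm32   <- key follows
)
STUB_TAIL = bytes.fromhex(
    "83eefc"    # sub esi, -4  (advance one dword without a NUL in the opcode)
    "e2f4"      # loop         (ecx holds the dword count)
)

# Counter setup: clear ecx (xor or sub form), then sub ecx, -(dword count)
# as an 8-bit or 32-bit immediate.
STUB_RE = re.compile(
    rb"(?:\x31\xc9|\x29\xc9)"                  # xor ecx,ecx / sub ecx,ecx
    rb"(?:\x83\xe9(.)|\x81\xe9(.{4}))"          # sub ecx, imm8 / imm32
    + re.escape(STUB_HEAD) + rb"(.{4})" + re.escape(STUB_TAIL),
    re.DOTALL,
)


def encode_call4_dword_xor(payload: bytes, key: int) -> bytes:
    """Constructed encoder mirroring the stub layout (NUL padding is this demo's choice)."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    count = len(padded) // 4
    if count <= 128:
        counter = b"\x31\xc9\x83\xe9" + struct.pack("<b", -count)
    else:
        counter = b"\x31\xc9\x81\xe9" + struct.pack("<i", -count)
    body = b"".join(
        struct.pack("<I", struct.unpack("<I", padded[i:i + 4])[0] ^ key)
        for i in range(0, len(padded), 4)
    )
    return counter + STUB_HEAD + struct.pack("<I", key) + STUB_TAIL + body


def find_and_decode(blob: bytes):
    """Return (stub_offset, key, decoded_bytes) for the first stub found, else None."""
    m = STUB_RE.search(blob)
    if not m:
        return None
    imm8, imm32, key_bytes = m.groups()
    count = -struct.unpack("<b", imm8)[0] if imm8 else -struct.unpack("<i", imm32)[0]
    key = struct.unpack("<I", key_bytes)[0]
    enc = blob[m.end():m.end() + count * 4]
    if len(enc) != count * 4:
        return None   # truncated: the stub promises more dwords than the blob holds
    dec = b"".join(
        struct.pack("<I", struct.unpack("<I", enc[i:i + 4])[0] ^ key)
        for i in range(0, len(enc), 4)
    )
    return m.start(), key, dec


# Constructed sample: 38 bytes of text standing in for shellcode, behind some NOPs.
SAMPLE_PAYLOAD = b"CONSTRUCTED SAMPLE, NOT REAL SHELLCODE"
SAMPLE_KEY = 0x1A2B3C4D
SAMPLE_BLOB = b"\x90" * 16 + encode_call4_dword_xor(SAMPLE_PAYLOAD, SAMPLE_KEY) + b"\xcc" * 8

if __name__ == "__main__":
    off, key, dec = find_and_decode(SAMPLE_BLOB)
    print(f"stub at offset {off}, key 0x{key:08x}")
    print(dec.rstrip(b"\x00"))
```

Because the key is a plain immediate and every dword is XORed with the same value, the scan above is also a usable static signature: the ten-byte STUB_HEAD is constant across msfvenom outputs, only the counter form, the key and the payload vary.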

Targets

    • Target

      9678eb57d57dcb7e25fd9ed8cc8aa38d_JaffaCakes118

    • Size

      550KB

    • MD5

      9678eb57d57dcb7e25fd9ed8cc8aa38d

    • SHA1

      b6a3ddf99a89570f081420608defe0a8b4fb28f6

    • SHA256

      8144583e891884b7e48f7968a0ef249e6157a6eca6e31977d7a1015aa958c64e

    • SHA512

      c662cf52d5ec9e0cb74baa653f335274288a1836387c466e3bd1930cd96110cf316d71438ffaabdeb5da66c93a069dd0e1c251d3f175be3c36a0fa066a7d98d1

    • SSDEEP

      12288:VcEQ6UT9gVbiG9AuVjq0OlQjRkJcYbA3Sv0XmxJ:S56UB49Auh1OlyT2A3StJ

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; checking for its registry keys lets a sample detect that it is not on a real Windows host.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
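
The behaviour tags above are bare labels. The Python below is an added example, not the sandbox's own signature logic, showing the kind of rule each tag corresponds to when run over an API trace: a registry open of `Software\Wine`, `NtSetInformationThread` with ThreadInformationClass 0x11 (ThreadHideFromDebugger), writes under `System32` and `System32\drivers`, execution of a file the sample itself wrote, and deletion of the sample's own path. The trace format, every path and handle value, and the sample location are constructed for the demonstration.

```python
"""Derive the behaviour tags listed in this report from an API trace.

Added example.  The trace layout, paths and handle values are constructed;
the rules are illustrative, not a sandbox vendor's signatures.
"""

# ThreadInformationClass value for ThreadHideFromDebugger.  Once set on a
# thread, debuggers stop receiving its debug events, hence the anti-debug tag.
THREAD_HIDE_FROM_DEBUGGER = 0x11

SAMPLE_PATH = r"C:\Users\user\Desktop\sample.exe"   # constructed location of the analysed file

# Constructed trace: (api, [arguments as a sandbox might render them]).
TRACE = [
    ("RegOpenKeyExA", ["HKEY_CURRENT_USER", r"Software\Wine"]),
    ("NtSetInformationThread", ["0xfffffffe", "0x11", "0x0", "0x0"]),  # NtCurrentThread
    ("NtCreateFile", [r"C:\Windows\System32\drivers\upd.sys", "GENERIC_WRITE"]),
    ("NtCreateFile", [r"C:\Windows\System32\svc.exe", "GENERIC_WRITE"]),
    ("CreateProcessW", [r"C:\Windows\System32\svc.exe"]),
    ("DeleteFileW", [SAMPLE_PATH]),
]


def classify(trace, sample_path):
    """Return the set of behaviour tags the trace triggers."""
    hits = set()
    dropped = set()   # files the sample wrote, correlated with later execution
    for api, args in trace:
        a = [x.lower() for x in args]
        if api.startswith("RegOpenKey") and any(x.endswith("software\\wine") for x in a):
            hits.add("Identifies Wine through registry keys")
        if api == "NtSetInformationThread" and len(a) > 1 and int(a[1], 16) == THREAD_HIDE_FROM_DEBUGGER:
            hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
        if api == "NtCreateFile" and "generic_write" in a:
            path = a[0]
            if "\\system32\\" in path:
                hits.add("Drops file in System32 directory")
            if "\\system32\\drivers\\" in path:
                hits.add("Drops file in Drivers directory")
            if path.endswith(".exe"):
                dropped.add(path)
        if api.startswith("CreateProcess") and a and a[0] in dropped:
            hits.add("Executes dropped EXE")
        if api.startswith("DeleteFile") and a and a[0] == sample_path.lower():
            hits.add("Deletes itself")
    return hits


if __name__ == "__main__":
    for tag in sorted(classify(TRACE, SAMPLE_PATH)):
        print(tag)
```

The self-deletion rule is deliberately narrow: real samples often delete themselves indirectly (a spawned `cmd.exe /c del`, a scheduled task, or a MoveFileEx with delay-until-reboot), so a production rule has to follow the child process tree rather than a single DeleteFile call.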

MITRE ATT&CK Enterprise v15

Tasks