General

  • Target

    b0bb51b66a38aa80dc26e514fab25feb_JaffaCakes118

  • Size

    526KB

  • Sample

    241129-ms71gs1lgt

  • MD5

    b0bb51b66a38aa80dc26e514fab25feb

  • SHA1

    f4d27ba155a8d5aec637277d3cac39354f4b354a

  • SHA256

    de90e3562c1dd0299f488703efeae830f6497f861105955ed1871ab7c6bc7def

  • SHA512

    579627d92cb013046ac07315e5895945d047a1c3c298977e97224954afdd101cf441597d32d489f0f28dbf0caa26a084a8b8a5eb4c93262259b114d78ae9e6fb

  • SSDEEP

    12288:veDDbmkeCU1QzAwK88H8e+DGV97VPtn9YPquQKVBhf9Cxa:GD/mkZ+wKDce+CPVtnO2g3f9

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks