Extracted

• • Target

    JaffaCakes118_8af39206e6e79e8b1de9182654814043

  • Size

    951KB

  • MD5

    8af39206e6e79e8b1de9182654814043

  • SHA1

    8332719c0def2270828686230146d9281d20faf3

  • SHA256

    8b68eb76fcd0293fd8b8bc3120e2cdacb28cf16e475f7829040974de133b4f4b

  • SHA512

    67285b82b0bf05a822519af12ac8b597251aa5bc10dc6d81342daf608c8fc4d726ec63cee655ebd74d2e6dafa2fa3f33843b03b589766fc51318048ffa7233dc

  • SSDEEP

    24576:IVCwEfwZjyWQQl1tYnR40TOqX6tKMJoJ2l:IVefEGPQl16R40TTk2Jy

  Score

  10^/10

  metasploitbackdoordefense_evasiondiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2