General

  • Target

    JaffaCakes118_94d039bfb53121d0e560ae3bbc1ed1e7

  • Size

    507KB

  • Sample

    250329-x7g3qatqv6

  • MD5

    94d039bfb53121d0e560ae3bbc1ed1e7

  • SHA1

    3034c41c4bdb29d47999d6b75868ca91b4938dbb

  • SHA256

    d9b02aec49b68e2254acda3a1cf7b8f8b62b62b664affd9bd8a25f8f8d168d79

  • SHA512

    d731baae2040fd7e0ee41b8acfbf139fdd14a199d8daffe4debc643a2a5b607da48dcb46e73d026c19a912d358f09b68816e73094a1ab93d1636e04d56ed9ec6

  • SSDEEP

    12288:yxiw1qu2sDY+UNtsSpNOMVzXgauL0AJXQ+z7kr:6kUUw0NbVUauL0AJtzo

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      JaffaCakes118_94d039bfb53121d0e560ae3bbc1ed1e7

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks