General

  • Target

    JaffaCakes118_97e2fac4f708a5c833f752c9f7b3db43

  • Size

    568KB

  • Sample

    250329-y6cx2ssvfz

  • MD5

    97e2fac4f708a5c833f752c9f7b3db43

  • SHA1

    3dbca5bc618843236296b29c995c39c0be4e34cb

  • SHA256

    48b9c6bdae995bf09816574e59c379b88ea3f6ea006fb59ccf4e1d80527f6b47

  • SHA512

    6ab0371c8b09718d679322540b3d10465e9b7305d45241c18a89bad714f7c053acc6e8cb76e8d45847dc88951946d237f13e7ca26bc939cc8a36877eb3abf9cc

  • SSDEEP

    12288:XG/gjGUH3HH7qlVZJT3zZvo4gGGFzQh9skEUh6dL:2YvH37qp5Bmf5QhwA6dL

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      JaffaCakes118_97e2fac4f708a5c833f752c9f7b3db43

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks