Extracted

• • Target

    JaffaCakes118_9590c5e8f3a01376450f87515c58920a

  • Size

    524KB

  • MD5

    9590c5e8f3a01376450f87515c58920a

  • SHA1

    8d92746414c01491494169b8bf7fee68b24597f5

  • SHA256

    a7eb3d6b18cec33e06fe9d6425282446b6987d8601e5f6df113bfa0ddec05e38

  • SHA512

    ccee37521fc7b40f8951c438bdb47353973449f58cc5527af96950193e1a493a6fcd747ed9e8b95f8414240683057e7b44bb1caeec9373ac3c71bc831d436630

  • SSDEEP

    12288:y5VJADlYdve+Dn8UC4p6jCtd9QaiUXF2zno4MPHG7WQfE1IJL0sO:EVyDyM+DnD6kPQPUX8znfMPMesO

  Score

  10^/10

  metasploitbackdoordefense_evasiondiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Drops file in Drivers directory

  • Deletes itself

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2