General

  • Target

    JaffaCakes118_9644f68a6b7a6705f50e06da8a6cc035

  • Size

    520KB

  • Sample

    250329-yl4v2aw1hw

  • MD5

    9644f68a6b7a6705f50e06da8a6cc035

  • SHA1

    6a8833a26a9cd9e477aa79d42a166d5fa0d92a56

  • SHA256

    59408526d77ec8985629016cbdae8922bfbe5e6b32b44993ff09b7f95c415c2d

  • SHA512

    21eab469a21bb303f988e85ed1655fc6530ed1ab61bdc442a452fa7cd55f7c40592ddd3fd9e23e4d14d9ce1014f0171ee2f2382869cb214111e3bf7038fa9c08

  • SSDEEP

    12288:IS42UpuJMe1rquyjVJHhDy13/IGo7+dLzpNP0FtkJbn+ki:4fpuye1rqTPE1g1+dLzpNcUJb+J

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
