General

  • Target

    JaffaCakes118_96b659837192214ccc40894f74f87532

  • Size

    511KB

  • Sample

    250329-yq4qtszrz7

  • MD5

    96b659837192214ccc40894f74f87532

  • SHA1

    05ccdbe31565d4b03a03e99346cf8ad3b7ea77ad

  • SHA256

    292f069ada3b439ed2d3abbf74173f23d398a075870cfad3adc975d0387e5dae

  • SHA512

    a27fed4b3e51ad9f3495d213de502be92c91aceb748d1b787c6a3837a2eab35fd4d6eb7eb9573bf94f9b8cd80435119aaf48d8628cedead7a68c95a80010d756

  • SSDEEP

    12288:DIFZBYs5cIREvnVGhkIPS2TffUdctTnTN/Vd9Im+7gWE:DoesOIK/2kgS2TyctTnT3+S

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      JaffaCakes118_96b659837192214ccc40894f74f87532

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks