General

  • Target

    9a94a6b4d97d18b5e854b60308c6a5bf5929ed8feed786218e82d7b12a67a05d

  • Size

    78KB

  • Sample

    220329-3xbqvachh5

  • MD5

    05137374d9702441ed3cf31896d32e55

  • SHA1

    3429cee50a686ca29a72cd1ecbc06f4708b31e73

  • SHA256

    9a94a6b4d97d18b5e854b60308c6a5bf5929ed8feed786218e82d7b12a67a05d

  • SHA512

    62ed902ee373da8ca290d3d0d67176c34f26b78af39f4c524417b3f732ec0732ce560c0b67c01527b5f757cb0e0c3213f9f41cebf3db4fb81a1ed91e9445cefc

Malware Config

Targets

    • Target

      9a94a6b4d97d18b5e854b60308c6a5bf5929ed8feed786218e82d7b12a67a05d

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scripting: 1, T1064

Persistence

  • Registry Run Keys / Startup Folder: 1, T1060

Defense Evasion

  • Scripting: 1, T1064

  • Modify Registry: 1, T1112

Discovery

  • System Information Discovery: 1, T1082

Tasks