General

  • Target

    27ad04d67537103691c32c8ea26ce4b8e372e259319dff38c8f2ee1659675cd0

  • Size

    78KB

  • Sample

    220502-rpvcfahagk

  • MD5

    1aeb21d793453e9d5fba2a09e7f5e876

  • SHA1

    3b58628a5774b1d65c3cb366618239a36afbad0b

  • SHA256

    27ad04d67537103691c32c8ea26ce4b8e372e259319dff38c8f2ee1659675cd0

  • SHA512

    2d1bb35a7c05cc37170f20ea013aa9ae124e4fdeb8e62e5ca1baf032b3fa975312a981edd9a8ee211b28f21a3884dc123d00f9331901bba1f1f9949d837a6dac

Malware Config

Targets

    • MetamorpherRAT

      MetamorpherRAT is a remote access tool that has been in circulation since 2013.

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Each entry lists the tactic, the technique observed, its technique ID and the number of matching behaviours.

  • Execution

    Scripting (T1064): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Scripting (T1064): 1

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks