General

  • Target

    f60dd245206ba562e21c7efd91963919327266b6fed236a8326f60e39970c436

  • Size

    78KB

  • Sample

    220512-avdhfahbel

  • MD5

    bc8519c37d03de75548c5fe4cba2bf1a

  • SHA1

    e01029a2247c9f81b89fa7baba6ce8f2abacac5e

  • SHA256

    f60dd245206ba562e21c7efd91963919327266b6fed236a8326f60e39970c436

  • SHA512

    d2b1ce64fcec763ac8c74696cddedd9e29ad7756947945484a4884a67fc01fc7c9ccf1314496be839d16423c4fd700fe869ff9b62758711d663db07bf8813017

Malware Config

Targets

    • Target

      f60dd245206ba562e21c7efd91963919327266b6fed236a8326f60e39970c436

    • Size

      78KB

    • MD5

      bc8519c37d03de75548c5fe4cba2bf1a

    • SHA1

      e01029a2247c9f81b89fa7baba6ce8f2abacac5e

    • SHA256

      f60dd245206ba562e21c7efd91963919327266b6fed236a8326f60e39970c436

    • SHA512

      d2b1ce64fcec763ac8c74696cddedd9e29ad7756947945484a4884a67fc01fc7c9ccf1314496be839d16423c4fd700fe869ff9b62758711d663db07bf8813017

    • MetamorpherRAT

      Metamorpherrat is a hacking tool that has been around for a while since 2013.

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks