General

  • Target

    c776e6ac33d19c2fbff4bda73f6878b8471dc63160126ade4b12107e33bee0c9

  • Size

    78KB

  • Sample

    220512-daplrabeeq

  • MD5

    0599101b4f4f55a64f3ff97158cabf1d

  • SHA1

    71700ab5fc6ef65153ec3b790dd3b58f938e2b31

  • SHA256

    c776e6ac33d19c2fbff4bda73f6878b8471dc63160126ade4b12107e33bee0c9

  • SHA512

    0d786cd151e51e192da99cbfe2b549c15ef98e4710878720451139a72bfa6b0b230ae0c520e4a9cbf3b90767108e3de22eaa31ae90d819539299c3ce55b5e6a9

Malware Config

Targets

    • Target

      c776e6ac33d19c2fbff4bda73f6878b8471dc63160126ade4b12107e33bee0c9

    • Size

      78KB

    • MD5

      0599101b4f4f55a64f3ff97158cabf1d

    • SHA1

      71700ab5fc6ef65153ec3b790dd3b58f938e2b31

    • SHA256

      c776e6ac33d19c2fbff4bda73f6878b8471dc63160126ade4b12107e33bee0c9

    • SHA512

      0d786cd151e51e192da99cbfe2b549c15ef98e4710878720451139a72bfa6b0b230ae0c520e4a9cbf3b90767108e3de22eaa31ae90d819539299c3ce55b5e6a9

    • MetamorpherRAT

      Metamorpherrat is a hacking tool that has been around for a while since 2013.

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks