General

  • Target

    993cca6d4eb73a3e6be7a02cfe379ea9b66f2617d855ff7bb7a95bbdf1807c16

  • Size

    78KB

  • Sample

    220606-1vezdacdf5

  • MD5

    be936a336a335231ce0b07483e8ba800

  • SHA1

    c7e2d8a1a280c9ede2184470528704041ca6a174

  • SHA256

    993cca6d4eb73a3e6be7a02cfe379ea9b66f2617d855ff7bb7a95bbdf1807c16

  • SHA512

    25133a4c48f00035cb29f3ce706e7fe61ab771352f16a7e8a73d1246c74367a2be84b196f839d54902f826a28352c796779b21ba2bd8fdf47f2a86cfc90bffe4

Malware Config

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been in circulation since 2013.

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scripting (T1064): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Scripting (T1064): 1

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks