General

  • Target

    c6aa5e4376e8a85afe781b0cba7275f68188d55f5fc34e1acf790e625321577f

  • Size

    78KB

  • Sample

    240409-cq5r8sfb3x

  • MD5

    20e18cc174de95940aef68430218480e

  • SHA1

    821aecaee25b8b293e2b5e8bb3fe6b6078fe6b20

  • SHA256

    c6aa5e4376e8a85afe781b0cba7275f68188d55f5fc34e1acf790e625321577f

  • SHA512

    7a406f1b01f82682670222d03178d56d44c22113afe879fe06b8c4af52ba9c016421d0df1769a21c7a4087966dbd9cf12b126a7b8aa0e7237a06d238fc8c1518

  • SSDEEP

    1536:6WV5jidy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtC6Z9/Vj1ly:6WV5j9n7N041QqhgB9/M

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
