General

  • Target

    fa05c038ef0dc5e87cc5f0cc602caefdeaa99cfc11bfb04b992acd7b3f5332ed

  • Size

    78KB

  • Sample

    240409-el2k5aea83

  • MD5

    e91a02de0b2dc5dbd32526c2ff40c64c

  • SHA1

    cd049bff8c73c51cc74e388f9c5fc2811a9add41

  • SHA256

    fa05c038ef0dc5e87cc5f0cc602caefdeaa99cfc11bfb04b992acd7b3f5332ed

  • SHA512

    4e6268b5f7fa83311e723c62a45c21e61d6c63a6fe560e6ab378b8b9ff13b63f618300a8567967ed0efa75d71f3a8cc2c21296da4dacc390cc58f5909e48038e

  • SSDEEP

    1536:TWV5jSgdy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtC6x9/uO18u:TWV5jSvn7N041Qqhgp9/B

Targets

    • Target

      fa05c038ef0dc5e87cc5f0cc602caefdeaa99cfc11bfb04b992acd7b3f5332ed

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
