General

  • Target

    1b8daf3e4c9c5407447c3c96e0b0ed7b

  • Size

    78KB

  • Sample

    240410-gd9mwaeb76

  • MD5

    1b8daf3e4c9c5407447c3c96e0b0ed7b

  • SHA1

    9aa2c07c95e0f22a356c71e7fbcc029f6310ebcb

  • SHA256

    37dd69272c8cb247c3bb56283a9a786cc5cde3abaefcfead2067f81106f64d4e

  • SHA512

    7f91ddebfefe6fd82f89df332f302aa540717f8eee2e728d3cef43996c664ad95d4f468981abd266610dab5b0e711dd546a88bb27ba1db9214a68df8f20387d9

  • SSDEEP

    1536:sPy5jSBXT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQtN639/0N1hX:sPy5jSBSyRxvhTzXPvCbW2UQ9/i

Malware Config

Targets

    • Target

      1b8daf3e4c9c5407447c3c96e0b0ed7b

    • Size

      78KB

    • MD5

      1b8daf3e4c9c5407447c3c96e0b0ed7b

    • SHA1

      9aa2c07c95e0f22a356c71e7fbcc029f6310ebcb

    • SHA256

      37dd69272c8cb247c3bb56283a9a786cc5cde3abaefcfead2067f81106f64d4e

    • SHA512

      7f91ddebfefe6fd82f89df332f302aa540717f8eee2e728d3cef43996c664ad95d4f468981abd266610dab5b0e711dd546a88bb27ba1db9214a68df8f20387d9

    • SSDEEP

      1536:sPy5jSBXT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQtN639/0N1hX:sPy5jSBSyRxvhTzXPvCbW2UQ9/i

    • MetamorpherRAT

      Metamorpherrat is a hacking tool that has been around for a while since 2013.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks