General

  • Target

    ea9bd0e0af93469d88b0be36fd78a2db_JaffaCakes118

  • Size

    78KB

  • Sample

    240410-jwprjagh67

  • MD5

    ea9bd0e0af93469d88b0be36fd78a2db

  • SHA1

    f05b628a9f8fe87f4eb5b2c1db6cb13df9ed50dc

  • SHA256

    6013b8df312752922c449e0977753efceca566b1030f9904663cb7220f10f4ae

  • SHA512

    affd76ca4d44ad95f878df0f3dda7857b4bd6b727e3dcb19ccd20c26e89fd09477ecbf3231e4cb2e400295977b0256c76c54dcd71c58cfb72546c50228c7b76b

  • SSDEEP

    1536:GhRWV58wXT0XRhyRjVf3znOJTv3lcUK/+dWzCP7oYTcSQt96U9/lf1/P:CRWV58oSyRxvY3md+dWWZyH9/D

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
