General

  • Target

    eaf88d8f3148eece8a85cca78708dcf3_JaffaCakes118

  • Size

    78KB

  • Sample

    240410-nqlj5shc8t

  • MD5

    eaf88d8f3148eece8a85cca78708dcf3

  • SHA1

    fc4d19b19292ead489c157499f908c69195d25d4

  • SHA256

    32ba87d4987f721018ceaa578714d7231ef4b7e3ca55e3b052845070b410a9eb

  • SHA512

    fc4b716ee9b9bbca56103163c4f1bf3d1fc70bfed2d3c3f6fd7b99593bff5e40f68a295cd9af28e022351bbbd47db93fcc1800115c17a5246d58a8c73a54f081

  • SSDEEP

    1536:VWV5jSEdy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtC6S9/gh1Ry:VWV5jSzn7N041Qqhg69/3

Targets

    • Target

      eaf88d8f3148eece8a85cca78708dcf3_JaffaCakes118

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
