General

  • Target

    eb24d7680fdb1b173363177482064b5c_JaffaCakes118

  • Size

    78KB

  • Sample

    240410-qeptjagg75

  • MD5

    eb24d7680fdb1b173363177482064b5c

  • SHA1

    ff69c070aba1d4ff8e034e1460591082e7ae38a5

  • SHA256

    5a47d09740e522442aabc10feac3bff2c724320ea6c648467201fa7356a16154

  • SHA512

    8d0ae1b322d9283574fbe42feb89d5105bc87fce01f2bd55b5cfcdabc33f84c54e3179690d1f0dd83c91ea17efd7355e8ac45ce8011b657e33d824ed97523e8f

  • SSDEEP

    1536:se5jAXT0XRhyRjVf3znOJTv3lcUK/+dWzCP7oYTcSQtC6c9/G1Ke:se5j4SyRxvY3md+dWWZyk9/i

Targets

    • Target

      eb24d7680fdb1b173363177482064b5c_JaffaCakes118

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
