General

  • Target

    fcefb211e318d701bcec407393ce85f4_JaffaCakes118

  • Size

    78KB

  • Sample

    240420-rg8vvsac98

  • MD5

    fcefb211e318d701bcec407393ce85f4

  • SHA1

    341535bfce9489d94cb968e130642de6926f8f59

  • SHA256

    ede02f6d37500c94fd48d0489f053f1de069080af87c37b61ed94d0073695e77

  • SHA512

    a29b06ddad664c5399ffa254c3f4b81aa54ae1a92434968f6906dcc6bd63132773e840c18795b4ebbf653a05d1154766be4ef61ad05829a7fa63f9ef8b28d375

  • SSDEEP

    1536:dPWV58Tdy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtC6kM9/f150:dPWV58yn7N041QqhgR9/s

Targets

    • Target

      fcefb211e318d701bcec407393ce85f4_JaffaCakes118

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
