Overview

overview

10

Static

static

3

ff520c09aa...18.exe

windows7-x64

10

ff520c09aa...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff520c09aaaccbeaa4e2e97bbae2a205_JaffaCakes118

  • Size

    78KB

  • Sample

    240421-p4yx3abh53

  • MD5

    ff520c09aaaccbeaa4e2e97bbae2a205

  • SHA1

    f12e7b2d6258a3925608a474596fd37ef2fb0fdc

  • SHA256

    7d5cd2323bf22d1dc34d4836a155ee5626b28ba74ddf91e3d5470e62358609ac

  • SHA512

    45637c49edf5c17f73833c2e82447eac2ca2f9876a432480ad742f1aaa90754d962dc52aa1487a6d1b8013af301faf53237cdb11c2fd519209db18fabb1576ca

  • SSDEEP

    1536:GCHY6JIdXT0XRhyRjVf3HaXOJR0zcEIvCZ1xjs9np/IPioYJbQt++9/Jh1aL:GCHYOINSyRxvHF5vCbxwpI6W++9/Jk

Score
10/10
metamorpherratpersistenceratstealertrojan

Malware Config

Targets

    • Target

      ff520c09aaaccbeaa4e2e97bbae2a205_JaffaCakes118

    • Size

      78KB

    • MD5

      ff520c09aaaccbeaa4e2e97bbae2a205

    • SHA1

      f12e7b2d6258a3925608a474596fd37ef2fb0fdc

    • SHA256

      7d5cd2323bf22d1dc34d4836a155ee5626b28ba74ddf91e3d5470e62358609ac

    • SHA512

      45637c49edf5c17f73833c2e82447eac2ca2f9876a432480ad742f1aaa90754d962dc52aa1487a6d1b8013af301faf53237cdb11c2fd519209db18fabb1576ca

    • SSDEEP

      1536:GCHY6JIdXT0XRhyRjVf3HaXOJR0zcEIvCZ1xjs9np/IPioYJbQt++9/Jh1aL:GCHYOINSyRxvHF5vCbxwpI6W++9/Jk

    Score
    10/10
    metamorpherratpersistenceratstealertrojan

    • MetamorpherRAT

      Metamorpherrat is a hacking tool that has been around for a while since 2013.

      trojanratstealermetamorpherrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks