Overview

overview

10

Static

static

3

5fd43ae47a...1f.exe

windows7-x64

8

5fd43ae47a...1f.exe

windows10-2004-x64

10

⌚/Morfey.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5fd43ae47a37af3f2975e4a9c5bb91ccbf1556e07e98ba91ba0ff25ab3a2b91f

  • Size

    159KB

  • Sample

    240918-r9x9tsxajf

  • MD5

    d69165cfd5e6da160c2a60bad8a9daff

  • SHA1

    466caab305aace6234238a45b5dad9d6c0f182ff

  • SHA256

    5fd43ae47a37af3f2975e4a9c5bb91ccbf1556e07e98ba91ba0ff25ab3a2b91f

  • SHA512

    2f55cc32d9355bc6e6e814a7fee6bf45051eafab56ec3935598483164278ba4cdbf560a1c2491fff54f7dbe67fa9c718893e4d19047b0846cc3e1fd6f329b002

  • SSDEEP

    3072:IXK9qKo9bH1ruuXKpgKVObMP94Bete1bXT+/RX8x1m0:IXFKo5cpgDY4B/3+5K1m0

Score
10/10
darktrackdiscoveryexecutionpersistenceratstealer

Malware Config

Targets

    • Target

      5fd43ae47a37af3f2975e4a9c5bb91ccbf1556e07e98ba91ba0ff25ab3a2b91f

    • Size

      159KB

    • MD5

      d69165cfd5e6da160c2a60bad8a9daff

    • SHA1

      466caab305aace6234238a45b5dad9d6c0f182ff

    • SHA256

      5fd43ae47a37af3f2975e4a9c5bb91ccbf1556e07e98ba91ba0ff25ab3a2b91f

    • SHA512

      2f55cc32d9355bc6e6e814a7fee6bf45051eafab56ec3935598483164278ba4cdbf560a1c2491fff54f7dbe67fa9c718893e4d19047b0846cc3e1fd6f329b002

    • SSDEEP

      3072:IXK9qKo9bH1ruuXKpgKVObMP94Bete1bXT+/RX8x1m0:IXFKo5cpgDY4B/3+5K1m0

    Score
    10/10
    discoveryexecutionpersistencedarktrackratstealer

    • DarkTrack

      DarkTrack is a remote administration tool written in delphi.

      ratstealerdarktrack

    • DarkTrack payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      ⌚/Morfey.EXE

    • Size

      161KB

    • MD5

      33fe8d665d1df9b4fe716e30ab88253d

    • SHA1

      b9b687aeb4b21b67db2a948c69cd9cc6e7927334

    • SHA256

      4b5e68c6b34253a92926a3704b8c5a52d8384f5d1688dbed552e3ec99bdd3e0a

    • SHA512

      36d0d383977af56afa93c9c6a15a92e67b2be3d339b4c188c4467aca3e68544383ee3d429e4fc9ede7e63e04e8a9911ec311e58e30e2218920f33b3608a5cfca

    • SSDEEP

      3072:wahKyd2n31g5GWp1icKAArDZz4N9GhbkrNEk1t2T:wahOwp0yN90QEP

    Score
    1/10
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks