General

  • Target

    18a26b26496327a38ec522546064728c_JaffaCakes118

  • Size

    78KB

  • Sample

    241006-srcqvavfnb

  • MD5

    18a26b26496327a38ec522546064728c

  • SHA1

    f8d221536a963ffe18bb8755a5b706978a693969

  • SHA256

    22f0ab8a4c6ab2479f6b7d2e7061404cedd344377a41f06bfb5c247aadc3cd00

  • SHA512

    2dae0366d9e4e88f61265db1354eb654cf31615af5f568f90be45cfa528971fc7cfc21bc0096db558444c60473045e71ed8203bd1a738606a014de801bd85e2c

  • SSDEEP

    1536:GStHHJIdXT0XRhyRjVf3HaXOJR0zcEIvCZ1xjs9np/IPioYJbQt8O9/041je:GStHpINSyRxvHF5vCbxwpI6W8O9/07

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
