General

  • Target

    1f368df6f51473d7ef0ef21c9475923c_JaffaCakes118

  • Size

    78KB

  • Sample

    241008-de9sgszbqg

  • MD5

    1f368df6f51473d7ef0ef21c9475923c

  • SHA1

    96e0a4fcae3b756700b6786f4372cfbb2d256958

  • SHA256

    08f95054861648c4076c33d524cba402de0467762cf8f7e965ce26565afebb18

  • SHA512

    b2003c081888cfa4fb04cd67161859e1c272193aa020c4e51aeb20c8dac8dfc1ee8f786accc97220588297440b1749f10d3efd13ac2dd5db4a5aa1dde421f85c

  • SSDEEP

    1536:ZRWV58bXT0XRhyRjVf3HaXOJR0zcEIvCZ1xjs9np/IPioYJbQti67I9/h1FE:ZRWV58bSyRxvHF5vCbxwpI6WjI9/e

Malware Config

Targets

    • Target

      1f368df6f51473d7ef0ef21c9475923c_JaffaCakes118

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
