General

  • Target

    350a157ee5261b1e6d25882739bbdb75_JaffaCakes118

  • Size

    78KB

  • Sample

    241011-qrty1szclk

  • MD5

    350a157ee5261b1e6d25882739bbdb75

  • SHA1

    b5c2a5cc775be50945412e3c21fe0a8077d339c8

  • SHA256

    7602d32e20a52a149d1c898662ca536efcaa9729ea32609eb060d07fd859e052

  • SHA512

    8bfc4c89008260dc481b466a1a6360b1004c4cec255c4692d78de033437ddd2902e692d08a7de0f17d1014b0beb743f7e5cd63b977135fcd4dd0c71a634c91d6

  • SSDEEP

    1536:hRWtHF3rdELT8hn2Ep7WzPdVj6Ju8B3AZ242UdIAkD4x3HT4hPVoYdVQtLj9/OUo:hRWtHFbdSE2EwR4uY41HyvYLj9/4

Targets

    • Target

      350a157ee5261b1e6d25882739bbdb75_JaffaCakes118

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
