General

  • Target

    ff696707f05db3738da3a9ba22c17809ed38e3a3d7e7628bf09be02e59e64341N

  • Size

    78KB

  • Sample

    241012-nadvcsxdpc

  • MD5

    8ea499895ddd14eeec8e563398023090

  • SHA1

    c8811038c9384bea1829d29664990f1aca97da22

  • SHA256

    ff696707f05db3738da3a9ba22c17809ed38e3a3d7e7628bf09be02e59e64341

  • SHA512

    0b3c546bc74cd25ef2352b4cb4c9b0a0867b315d18c08b922012df3bb168ef1f20e27fc6fa9f646481068cc8300b4e25ae36c35604eeb7892cb07f3b764d5ef2

  • SSDEEP

    1536:VsHFo6638dy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtq9/6D1EV:VsHFo53Ln7N041Qqhgq9/6K

Targets

    • Target

      ff696707f05db3738da3a9ba22c17809ed38e3a3d7e7628bf09be02e59e64341N

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
