General

  • Target

    b7265059e8284fc14c4dd91301129fb7_JaffaCakes118

  • Size

    78KB

  • Sample

    241202-gpc32ssncw

  • MD5

    b7265059e8284fc14c4dd91301129fb7

  • SHA1

    bf914ff8ab15bbed2cccfb5f1eb80581f2db7920

  • SHA256

    830853b1a26a4809184596ac501e7ce156172dc87ba0c1839f882fbaceacf6fd

  • SHA512

    f75a15151765e08a1e82f769708b84b77437e629da21e06aa1a96267bb64b76be1d217635b63e33fc092568b08a75860df84fbcfe8d5477a138b064022b1a154

  • SSDEEP

    1536:zcPWtHFo6uaJtZAlGmWw644txVILJtcfJuovFdPKmNqOqD70Gou2P2oYe9Qtv9/x:wPWtHFoI3ZAtWDDILJLovbicqOq3o+nL

Targets

    • Target

      b7265059e8284fc14c4dd91301129fb7_JaffaCakes118

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Metamorpherrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
