General

  • Target

    JaffaCakes118_5da3837530dd6b1a9666ea002aef5238

  • Size

    80KB

  • Sample

    250107-mg6naaxkcz

  • MD5

    5da3837530dd6b1a9666ea002aef5238

  • SHA1

    41893ba57e61f8b177775c4d8ff982a8ec73e94e

  • SHA256

    81e6145cbc93443083f2398466f3a7d39c52dcac816b92b4619576ce531c0624

  • SHA512

    666fd1978741d8b4d6360bf46d93e957af5931f1777021e75ed403a125d5d9d0123410b41c88329d4595c587b125a2e85e09ec5e0f5498651d690ff344f64cd4

  • SSDEEP

    1536:9HFo6rdELT8hn2Ep7WzPdVj6Ju8B3AZ242UdIAkD4x3HT4hPVoYdVQtLg39/CF1b:9HFo8dSE2EwR4uY41HyvYLg39/Cz

Targets

    • Target

      JaffaCakes118_5da3837530dd6b1a9666ea002aef5238

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Metamorpherrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
