General

  • Target

    e9d811bbc2a069808758431bcdacddcf81fef8aefafe9d733d881682548c56b8.exe

  • Size

    78KB

  • Sample

    250217-jshttawmaj

  • MD5

    e1dc68718d5eda4005030486b6e5e373

  • SHA1

    a268407a73d548241411b41722d5bd6723dbb385

  • SHA256

    e9d811bbc2a069808758431bcdacddcf81fef8aefafe9d733d881682548c56b8

  • SHA512

    8e21637d7bd1c3f1c0cbeeadcc07d1f8f509baac0c5f1a47bddfd8574dcc33211b24ba23c73740e3857cde50b3fae9d136a7c46e0128cea83101194f160c24fa

  • SSDEEP

    1536:EsHH638dy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtz9/z10TF:EsHa3Ln7N041Qqhgz9/wF

Malware Config

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Metamorpherrat family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
