Overview

overview

10

Static

static

4d7e3818fc...5d.exe

windows7_x64

8

4d7e3818fc...5d.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d7e3818fcaa4b55056d58e20420d10fe1d8e56fbd6059d0a716c877f73aaa5d

  • Size

    78KB

  • Sample

    210228-412z74bg86

  • MD5

    0106ede4fe7c8704ea04b3f66c5d80d6

  • SHA1

    59d774bed7c7c8f76de7fa436e238413870d16b6

  • SHA256

    4d7e3818fcaa4b55056d58e20420d10fe1d8e56fbd6059d0a716c877f73aaa5d

  • SHA512

    8ed68cc9a26eb9ce1f9fd0d70ae0d0a6ba91c3d3cc3a2feb730957556f981edbcf41841815220552aedffcf85b1d967442e9d7fe9fd8f5a20ef19d1f7340439e

Score
10/10
metamorpherratpersistenceratstealertrojan

Malware Config

Targets

    • Target

      4d7e3818fcaa4b55056d58e20420d10fe1d8e56fbd6059d0a716c877f73aaa5d

    • Size

      78KB

    • MD5

      0106ede4fe7c8704ea04b3f66c5d80d6

    • SHA1

      59d774bed7c7c8f76de7fa436e238413870d16b6

    • SHA256

      4d7e3818fcaa4b55056d58e20420d10fe1d8e56fbd6059d0a716c877f73aaa5d

    • SHA512

      8ed68cc9a26eb9ce1f9fd0d70ae0d0a6ba91c3d3cc3a2feb730957556f981edbcf41841815220552aedffcf85b1d967442e9d7fe9fd8f5a20ef19d1f7340439e

    Score
    10/10
    persistencemetamorpherratratstealertrojan

    • MetamorpherRAT

      Metamorpherrat is a hacking tool that has been around for a while since 2013.

      trojanratstealermetamorpherrat

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks