General
Target

3f5c2aacc7134dc7a7d78f4731c01db691be30d2989274f33f1b56e4090820cd

Size

78KB

Sample

210228-62cm6m5ys6

Score
10/10
MD5

b7522739be3b41f898204a82bebbf202

SHA1

350d9490d8839b357882a2777e9dbf51ebcf4006

SHA256

3f5c2aacc7134dc7a7d78f4731c01db691be30d2989274f33f1b56e4090820cd

SHA512

e3de9441f58a7c120db5e86962abae6755bff93614d0a674e52ed23324f1f791435d69b1e0552c011388c89c5a6b5e64adbf05f9386bc560faa62daaa9b6e926

Signatures

  • MetamorpherRAT

    Description

    MetamorpherRAT is a hacking tool that has been around since 2013.

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Uses the VBS compiler for execution

    TTPs

    Scripting
  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation

Tasks

  • static1

    Score
    N/A

  • behavioral1

    Score
    8/10