metamorpherrat | 0048bbede90d7a4f6e980d38e7ddcfaf3fa4a87a1ac37cfd1b121e970d6c2810 | Triage

Sharing

General

Target

0048bbede90d7a4f6e980d38e7ddcfaf3fa4a87a1ac37cfd1b121e970d6c2810
Size

78KB
Sample

210228-kw1s6lxvle
MD5

9b4497259f9f858244023de231400892
SHA1

08600ea0e22ae8e5168ec56a359d75ae2cf9b413
SHA256

0048bbede90d7a4f6e980d38e7ddcfaf3fa4a87a1ac37cfd1b121e970d6c2810
SHA512

777ffca5982119d346d601c4a6b2e4cefae9e5c05b29312c0676d6ed45478d829524ff3a14885a6fc2e4a27235ad897021342b71665f890ccca2a575397432a4

Score

10^/10

metamorpherrat persistence rat stealer trojan

Malware Config

Targets

- Target
  
  0048bbede90d7a4f6e980d38e7ddcfaf3fa4a87a1ac37cfd1b121e970d6c2810
- Size
  
  78KB
- MD5
  
  9b4497259f9f858244023de231400892
- SHA1
  
  08600ea0e22ae8e5168ec56a359d75ae2cf9b413
- SHA256
  
  0048bbede90d7a4f6e980d38e7ddcfaf3fa4a87a1ac37cfd1b121e970d6c2810
- SHA512
  
  777ffca5982119d346d601c4a6b2e4cefae9e5c05b29312c0676d6ed45478d829524ff3a14885a6fc2e4a27235ad897021342b71665f890ccca2a575397432a4
Score

10^/10

metamorpherrat persistence rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metamorpherratpersistenceratstealertrojan

behavioral2