General
Target

0048bbede90d7a4f6e980d38e7ddcfaf3fa4a87a1ac37cfd1b121e970d6c2810

Size

78KB

Sample

210228-kw1s6lxvle

Score

10/10

MD5

9b4497259f9f858244023de231400892

SHA1

08600ea0e22ae8e5168ec56a359d75ae2cf9b413

SHA256

0048bbede90d7a4f6e980d38e7ddcfaf3fa4a87a1ac37cfd1b121e970d6c2810

SHA512

777ffca5982119d346d601c4a6b2e4cefae9e5c05b29312c0676d6ed45478d829524ff3a14885a6fc2e4a27235ad897021342b71665f890ccca2a575397432a4

Malware Config
Targets
Target

0048bbede90d7a4f6e980d38e7ddcfaf3fa4a87a1ac37cfd1b121e970d6c2810

MD5

9b4497259f9f858244023de231400892

Filesize

78KB

Score

10/10

SHA1

08600ea0e22ae8e5168ec56a359d75ae2cf9b413

SHA256

0048bbede90d7a4f6e980d38e7ddcfaf3fa4a87a1ac37cfd1b121e970d6c2810

SHA512

777ffca5982119d346d601c4a6b2e4cefae9e5c05b29312c0676d6ed45478d829524ff3a14885a6fc2e4a27235ad897021342b71665f890ccca2a575397432a4

Signatures

  • MetamorpherRAT

    Description

    MetamorpherRAT is a hacking tool that has been around since 2013.

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Uses the VBS compiler for execution

    TTPs

    Scripting

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder

    Modify Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation

Tasks

static1

Score

N/A

behavioral2

Score

8/10