metamorpherrat | 36c0a7fbf56bbb75b559e80b2da4fedf275ce2ab229fa4371ec44e77365ea623 | Triage

Sharing

General

Target

36c0a7fbf56bbb75b559e80b2da4fedf275ce2ab229fa4371ec44e77365ea623
Size

78KB
Sample

220326-rk5ydaabhk
MD5

0058d423a88181d77fdf49adf4261264
SHA1

0a84f8e2cd285ab5227ea8908f99f3a698fc945e
SHA256

36c0a7fbf56bbb75b559e80b2da4fedf275ce2ab229fa4371ec44e77365ea623
SHA512

bc2b63ad53c6eeb1bdc2485e44a0f3243be4e3de7ddb16a660ecebdf9c67198f521feb0288cdef151c41fafa0cbd7e90e3560d25bb7ab0cd8e2e84069e2719b2

Score

10^/10

metamorpherrat persistence rat stealer suricata trojan

Malware Config

Targets

- Target
  
  36c0a7fbf56bbb75b559e80b2da4fedf275ce2ab229fa4371ec44e77365ea623
- Size
  
  78KB
- MD5
  
  0058d423a88181d77fdf49adf4261264
- SHA1
  
  0a84f8e2cd285ab5227ea8908f99f3a698fc945e
- SHA256
  
  36c0a7fbf56bbb75b559e80b2da4fedf275ce2ab229fa4371ec44e77365ea623
- SHA512
  
  bc2b63ad53c6eeb1bdc2485e44a0f3243be4e3de7ddb16a660ecebdf9c67198f521feb0288cdef151c41fafa0cbd7e90e3560d25bb7ab0cd8e2e84069e2719b2
Score

10^/10

metamorpherrat persistence rat stealer suricata trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metamorpherratpersistenceratstealersuricatatrojan

behavioral2