metamorpherrat | 4a1ba4f48e33751504c09ddcb0b4f7fe52164b008ccdbe981f4d81b1b32a3de5 | Triage

Sharing

General

Target

4a1ba4f48e33751504c09ddcb0b4f7fe52164b008ccdbe981f4d81b1b32a3de5
Size

78KB
Sample

220326-tn5g5abbhq
MD5

bccbe7143af55d059e94f1c1eb1f44dc
SHA1

638a26acdf1515540341ccfe21a6098f83e8dc94
SHA256

4a1ba4f48e33751504c09ddcb0b4f7fe52164b008ccdbe981f4d81b1b32a3de5
SHA512

9e715888acfd2aaeea507296f79f345586d2d8972964274f70184056b49ff593e8213b299259d26f09ea9366f8a2304fa8cf138eb2c64ac48941d7a932461c4b

Score

10^/10

metamorpherrat persistence rat stealer suricata trojan

Malware Config

Targets

- Target
  
  4a1ba4f48e33751504c09ddcb0b4f7fe52164b008ccdbe981f4d81b1b32a3de5
- Size
  
  78KB
- MD5
  
  bccbe7143af55d059e94f1c1eb1f44dc
- SHA1
  
  638a26acdf1515540341ccfe21a6098f83e8dc94
- SHA256
  
  4a1ba4f48e33751504c09ddcb0b4f7fe52164b008ccdbe981f4d81b1b32a3de5
- SHA512
  
  9e715888acfd2aaeea507296f79f345586d2d8972964274f70184056b49ff593e8213b299259d26f09ea9366f8a2304fa8cf138eb2c64ac48941d7a932461c4b
Score

10^/10

metamorpherrat persistence rat stealer suricata trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metamorpherratpersistenceratstealersuricatatrojan

behavioral2