Overview

overview

10

Static

static

cfbf6bc623...2f.exe

windows7_x64

10

cfbf6bc623...2f.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cfbf6bc623b1544610a81007b1af4eb62c9b337314b6ad84cf6553795d885b2f

  • Size

    78KB

  • Sample

    220326-w6vfzsgac8

  • MD5

    61e6ac7a7ef320216ce70717341e0fde

  • SHA1

    6f6dcc9fa6651967b8dfb832a95a0bb671ca59ac

  • SHA256

    cfbf6bc623b1544610a81007b1af4eb62c9b337314b6ad84cf6553795d885b2f

  • SHA512

    7f87ab775ced67d131ed885d71d4b2713365509b4c8d63ba4c36a418cff6a7b15b22853494816d1c8cfe01c05088e86f9bd76aa522875a650e096b1a3b52bfc8

Score
10/10
metamorpherratpersistenceratstealertrojan

Malware Config

Targets

    • Target

      cfbf6bc623b1544610a81007b1af4eb62c9b337314b6ad84cf6553795d885b2f

    • Size

      78KB

    • MD5

      61e6ac7a7ef320216ce70717341e0fde

    • SHA1

      6f6dcc9fa6651967b8dfb832a95a0bb671ca59ac

    • SHA256

      cfbf6bc623b1544610a81007b1af4eb62c9b337314b6ad84cf6553795d885b2f

    • SHA512

      7f87ab775ced67d131ed885d71d4b2713365509b4c8d63ba4c36a418cff6a7b15b22853494816d1c8cfe01c05088e86f9bd76aa522875a650e096b1a3b52bfc8

    Score
    10/10
    metamorpherratpersistenceratstealertrojan

    • MetamorpherRAT

      Metamorpherrat is a hacking tool that has been around for a while since 2013.

      trojanratstealermetamorpherrat

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks