Overview

overview

10

Static

static

ec41f73372...66.exe

windows7_x64

10

ec41f73372...66.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec41f7337218bc61b7f109190b36ba9d66a0118d475bc08ce51926fb79666166

  • Size

    78KB

  • Sample

    220326-wkcdaaffg9

  • MD5

    0efed81f5339c0ad460c250ca39ff618

  • SHA1

    e46747bc89bc7e78c9ab7e9c5168073b4fb8fb55

  • SHA256

    ec41f7337218bc61b7f109190b36ba9d66a0118d475bc08ce51926fb79666166

  • SHA512

    5f7775f59092f2dd1cb33a5e888ab3bc2f2312454780732b7888d3b85523c8167e225832f7c8b8b720d34ec690c65468bcf4ffe081270c887153381277dfcd98

Score
10/10
metamorpherratpersistenceratstealertrojan

Malware Config

Targets

    • Target

      ec41f7337218bc61b7f109190b36ba9d66a0118d475bc08ce51926fb79666166

    • Size

      78KB

    • MD5

      0efed81f5339c0ad460c250ca39ff618

    • SHA1

      e46747bc89bc7e78c9ab7e9c5168073b4fb8fb55

    • SHA256

      ec41f7337218bc61b7f109190b36ba9d66a0118d475bc08ce51926fb79666166

    • SHA512

      5f7775f59092f2dd1cb33a5e888ab3bc2f2312454780732b7888d3b85523c8167e225832f7c8b8b720d34ec690c65468bcf4ffe081270c887153381277dfcd98

    Score
    10/10
    metamorpherratpersistenceratstealertrojan

    • MetamorpherRAT

      Metamorpherrat is a hacking tool that has been around for a while since 2013.

      trojanratstealermetamorpherrat

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks