metamorpherrat | 4b48f1deb48b6c406313fdaafe106c6c5cb67d5d31ef0cfae0c224abfc8773ec | Triage

Sharing

General

Target

4b48f1deb48b6c406313fdaafe106c6c5cb67d5d31ef0cfae0c224abfc8773ec
Size

78KB
Sample

220326-zeat2shbg9
MD5

06048f4ab59250b9739b0fb0c24dcffd
SHA1

628767b4875823902987a30d923244457ad958bd
SHA256

4b48f1deb48b6c406313fdaafe106c6c5cb67d5d31ef0cfae0c224abfc8773ec
SHA512

e42703b792021ca22f262f09a278e9320d2c3bc9dd5d132a141acd2feb6cf75c015708649ec17ce27699ef23b36badf58cfe4755f4887619b76a1bf111231445

Score

10^/10

metamorpherrat persistence rat stealer trojan

Malware Config

Targets

- Target
  
  4b48f1deb48b6c406313fdaafe106c6c5cb67d5d31ef0cfae0c224abfc8773ec
- Size
  
  78KB
- MD5
  
  06048f4ab59250b9739b0fb0c24dcffd
- SHA1
  
  628767b4875823902987a30d923244457ad958bd
- SHA256
  
  4b48f1deb48b6c406313fdaafe106c6c5cb67d5d31ef0cfae0c224abfc8773ec
- SHA512
  
  e42703b792021ca22f262f09a278e9320d2c3bc9dd5d132a141acd2feb6cf75c015708649ec17ce27699ef23b36badf58cfe4755f4887619b76a1bf111231445
Score

10^/10

metamorpherrat persistence rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metamorpherratpersistenceratstealertrojan

behavioral2