metamorpherrat | f2a6df65695cd5b0a1cb5e34d90f09937127acb2e818f8d064deca6441f7840c | Triage

Sharing

General

Target

f2a6df65695cd5b0a1cb5e34d90f09937127acb2e818f8d064deca6441f7840c
Size

78KB
Sample

220329-el66lsfdcp
MD5

00fd4b94968c271959590801fdd42113
SHA1

2f33695baca0b074f28a25797258a81adf269058
SHA256

f2a6df65695cd5b0a1cb5e34d90f09937127acb2e818f8d064deca6441f7840c
SHA512

26eee7932a094e7cf371ced7d5214a317cd1801828ab9a68a6f4c4cd2a761e2bdb5cf7aa5e90a9742992d292194490808069c0e5b26cc8ac3bd52eacd3529aed

Score

10^/10

metamorpherrat persistence rat stealer suricata trojan

Malware Config

Targets

- Target
  
  f2a6df65695cd5b0a1cb5e34d90f09937127acb2e818f8d064deca6441f7840c
- Size
  
  78KB
- MD5
  
  00fd4b94968c271959590801fdd42113
- SHA1
  
  2f33695baca0b074f28a25797258a81adf269058
- SHA256
  
  f2a6df65695cd5b0a1cb5e34d90f09937127acb2e818f8d064deca6441f7840c
- SHA512
  
  26eee7932a094e7cf371ced7d5214a317cd1801828ab9a68a6f4c4cd2a761e2bdb5cf7aa5e90a9742992d292194490808069c0e5b26cc8ac3bd52eacd3529aed
Score

10^/10

metamorpherrat persistence rat stealer suricata trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metamorpherratpersistenceratstealersuricatatrojan

behavioral2