Overview

overview

10

Static

static

763fc4b26e...38.exe

windows7_x64

10

763fc4b26e...38.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    763fc4b26e62c282d2c3dc30b50357c4b99d9d2982aafa70b749430d3916e738

  • Size

    78KB

  • Sample

    220330-d5l44sfef9

  • MD5

    016f7f4cdd91ff5da68185b7492e7457

  • SHA1

    ff2d20723a34b92ca4f5b8b1cd0e1edff633b5bb

  • SHA256

    763fc4b26e62c282d2c3dc30b50357c4b99d9d2982aafa70b749430d3916e738

  • SHA512

    ee6308f4cb87605c190461038fc7d70315374f5d8535ec576d8f9b3995aba1d1918116f53759602b9f8f2d52f7269100466c15a26ca94d1f599f99b7bde4224e

Score
10/10
metamorpherratpersistenceratstealertrojan

Malware Config

Targets

    • Target

      763fc4b26e62c282d2c3dc30b50357c4b99d9d2982aafa70b749430d3916e738

    • Size

      78KB

    • MD5

      016f7f4cdd91ff5da68185b7492e7457

    • SHA1

      ff2d20723a34b92ca4f5b8b1cd0e1edff633b5bb

    • SHA256

      763fc4b26e62c282d2c3dc30b50357c4b99d9d2982aafa70b749430d3916e738

    • SHA512

      ee6308f4cb87605c190461038fc7d70315374f5d8535ec576d8f9b3995aba1d1918116f53759602b9f8f2d52f7269100466c15a26ca94d1f599f99b7bde4224e

    Score
    10/10
    metamorpherratpersistenceratstealertrojan

    • MetamorpherRAT

      Metamorpherrat is a hacking tool that has been around for a while since 2013.

      trojanratstealermetamorpherrat

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks