metamorpherrat | 8ab7d77b0a9fb27d107f98811aa26aa32606df3e9c2868cb207fa33e8a05c8e4 | Triage

Submit
Reports

Overview

overview

Static

static

8ab7d77b0a...e4.exe

windows7_x64

8ab7d77b0a...e4.exe

windows10-2004_x64

Sharing

General

Target

8ab7d77b0a9fb27d107f98811aa26aa32606df3e9c2868cb207fa33e8a05c8e4
Size

78KB
Sample

220503-segh9sccen
MD5

04d5e9376838e75f62c1e3f72036dcd4
SHA1

dc3c1eebe560105197c9c94a3f317a966381ce59
SHA256

8ab7d77b0a9fb27d107f98811aa26aa32606df3e9c2868cb207fa33e8a05c8e4
SHA512

de87d6a909b0e0e1a8ab8452f0bb652918ca2dfdfea31be65dbbc9871e7418b3cbc43f352979512b726a684bc3fe1de291ee2176f25b610277f7f931f377b8a6

Score

10^/10

metamorpherrat rat stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

8ab7d77b0a9fb27d107f98811aa26aa32606df3e9c2868cb207fa33e8a05c8e4.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8ab7d77b0a9fb27d107f98811aa26aa32606df3e9c2868cb207fa33e8a05c8e4.exe

Resource

win10v2004-20220414-en

metamorpherrat rat stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8ab7d77b0a9fb27d107f98811aa26aa32606df3e9c2868cb207fa33e8a05c8e4
- Size
  
  78KB
- MD5
  
  04d5e9376838e75f62c1e3f72036dcd4
- SHA1
  
  dc3c1eebe560105197c9c94a3f317a966381ce59
- SHA256
  
  8ab7d77b0a9fb27d107f98811aa26aa32606df3e9c2868cb207fa33e8a05c8e4
- SHA512
  
  de87d6a909b0e0e1a8ab8452f0bb652918ca2dfdfea31be65dbbc9871e7418b3cbc43f352979512b726a684bc3fe1de291ee2176f25b610277f7f931f377b8a6
Score

10^/10

suricata metamorpherrat rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

metamorpherratratstealersuricatatrojan

© 2018-2024

Terms | Privacy