metamorpherrat | 852c2b9cbfcf416bc8c0d770fd7e1cb7af517c208f1e02bedbf1ab2ac6c7f18a | Triage

Sharing

General

Target

852c2b9cbfcf416bc8c0d770fd7e1cb7af517c208f1e02bedbf1ab2ac6c7f18a
Size

78KB
Sample

221023-hvaesahaa5
MD5

ffc69516a66858e500dcc05a39fa3d78
SHA1

806791dd76c2419e5c1ee1c61f661babf2d2bb83
SHA256

852c2b9cbfcf416bc8c0d770fd7e1cb7af517c208f1e02bedbf1ab2ac6c7f18a
SHA512

fa1e052c94236ffdcecadce525a29af2fa6fa6eb48b03f6e9254e1ca36a88ec7c3c7dddbd1e9bce5d4338da5da164870408f03a14111577ad2702fb2fe2ed081
SSDEEP

1536:cRy58MpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQtd69v9/S1Zm:cRy58iJywQjDgTLopLwdCFJz+v9/D

Score

10^/10

metamorpherrat rat stealer trojan

Malware Config

Targets

- Target
  
  852c2b9cbfcf416bc8c0d770fd7e1cb7af517c208f1e02bedbf1ab2ac6c7f18a
- Size
  
  78KB
- MD5
  
  ffc69516a66858e500dcc05a39fa3d78
- SHA1
  
  806791dd76c2419e5c1ee1c61f661babf2d2bb83
- SHA256
  
  852c2b9cbfcf416bc8c0d770fd7e1cb7af517c208f1e02bedbf1ab2ac6c7f18a
- SHA512
  
  fa1e052c94236ffdcecadce525a29af2fa6fa6eb48b03f6e9254e1ca36a88ec7c3c7dddbd1e9bce5d4338da5da164870408f03a14111577ad2702fb2fe2ed081
- SSDEEP
  
  1536:cRy58MpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQtd69v9/S1Zm:cRy58iJywQjDgTLopLwdCFJz+v9/D
Score

10^/10

metamorpherrat rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metamorpherratratstealertrojan

behavioral2

metamorpherratratstealertrojan