metamorpherrat | 22faf91d3b1dc13b8d4c8786466e88b252b47717398221d36b8106e741b75234 | Triage

Sharing

General

Target

NEAS.2baac442a51c57d7da37d1db29016c70.exe
Size

78KB
Sample

231022-vtaelscc5x
MD5

2baac442a51c57d7da37d1db29016c70
SHA1

367309259daf5ad257ebe84c083dc7ce82514c1b
SHA256

22faf91d3b1dc13b8d4c8786466e88b252b47717398221d36b8106e741b75234
SHA512

ee99980677f13b4d5ce8a801d6a47985aabf02c3a4ca46d1884e4fdcb64761fcbb3fe2e5a8a1977c910410f585d324bb413c5f43d4881e8d8109c2963b50a9bb
SSDEEP

1536:x4tHHuaJtVpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQtd9/91Il:x4tH/3DJywQjDgTLopLwdCFJzd9/c

Score

10^/10

metamorpherrat rat stealer trojan

Malware Config

Targets

- Target
  
  NEAS.2baac442a51c57d7da37d1db29016c70.exe
- Size
  
  78KB
- MD5
  
  2baac442a51c57d7da37d1db29016c70
- SHA1
  
  367309259daf5ad257ebe84c083dc7ce82514c1b
- SHA256
  
  22faf91d3b1dc13b8d4c8786466e88b252b47717398221d36b8106e741b75234
- SHA512
  
  ee99980677f13b4d5ce8a801d6a47985aabf02c3a4ca46d1884e4fdcb64761fcbb3fe2e5a8a1977c910410f585d324bb413c5f43d4881e8d8109c2963b50a9bb
- SSDEEP
  
  1536:x4tHHuaJtVpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQtd9/91Il:x4tH/3DJywQjDgTLopLwdCFJzd9/c
Score

10^/10

metamorpherrat rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metamorpherratratstealertrojan

behavioral2

metamorpherratratstealertrojan