metamorpherrat | 72ce8e5a46f7525f4aeaa868dac5ca3c695800b3265be1e78dd5484e783307cd | Triage

Sharing

General

Target

NEAS.911691472533386c3ea0106605442650.exe
Size

78KB
Sample

231101-c4jf6ahc8x
MD5

911691472533386c3ea0106605442650
SHA1

e2cc04c48fdeba9295dcc414904d7848f5884558
SHA256

72ce8e5a46f7525f4aeaa868dac5ca3c695800b3265be1e78dd5484e783307cd
SHA512

3fd42ac15afcd3f4062d34bfd596901e413177d848e5e956ed3a08080f330a17f3ace64996c722b9455372840519d1d31a4f136a732164ce21ba9a5c4a2125f9
SSDEEP

1536:OVe58DpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQtt619/0E1gt:Ge589JywQjDgTLopLwdCFJza9/s

Score

10^/10

metamorpherrat rat stealer trojan

Malware Config

Targets

- Target
  
  NEAS.911691472533386c3ea0106605442650.exe
- Size
  
  78KB
- MD5
  
  911691472533386c3ea0106605442650
- SHA1
  
  e2cc04c48fdeba9295dcc414904d7848f5884558
- SHA256
  
  72ce8e5a46f7525f4aeaa868dac5ca3c695800b3265be1e78dd5484e783307cd
- SHA512
  
  3fd42ac15afcd3f4062d34bfd596901e413177d848e5e956ed3a08080f330a17f3ace64996c722b9455372840519d1d31a4f136a732164ce21ba9a5c4a2125f9
- SSDEEP
  
  1536:OVe58DpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQtt619/0E1gt:Ge589JywQjDgTLopLwdCFJza9/s
Score

10^/10

metamorpherrat rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metamorpherratratstealertrojan

behavioral2

metamorpherratratstealertrojan