metamorpherrat | c9639ea18ab5b8d22599884c025474dd5d1e8a8b86ce64ef6e7f531861210397 | Triage

Sharing

General

Target

c516f4ea1d63d75b0eaf0a1db02a3530
Size

78KB
Sample

240313-f5xxqadg6s
MD5

c516f4ea1d63d75b0eaf0a1db02a3530
SHA1

f2d3bb4d1d31c315797513b64454d6e12c0a95e2
SHA256

c9639ea18ab5b8d22599884c025474dd5d1e8a8b86ce64ef6e7f531861210397
SHA512

420022d4a20a96f15d10ab59a3de08545149e872637237d7bc3574790bb5e92883bbf449eda5880bb4fe4a59650a1fc0230a69358c846862b612dd2733193ebb
SSDEEP

1536:PuHY6uaJtVpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQtLb9/x1JP:PuHYI3DJywQjDgTLopLwdCFJzLb9/9

Score

10^/10

metamorpherrat rat stealer trojan

Malware Config

Targets

- Target
  
  c516f4ea1d63d75b0eaf0a1db02a3530
- Size
  
  78KB
- MD5
  
  c516f4ea1d63d75b0eaf0a1db02a3530
- SHA1
  
  f2d3bb4d1d31c315797513b64454d6e12c0a95e2
- SHA256
  
  c9639ea18ab5b8d22599884c025474dd5d1e8a8b86ce64ef6e7f531861210397
- SHA512
  
  420022d4a20a96f15d10ab59a3de08545149e872637237d7bc3574790bb5e92883bbf449eda5880bb4fe4a59650a1fc0230a69358c846862b612dd2733193ebb
- SSDEEP
  
  1536:PuHY6uaJtVpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQtLb9/x1JP:PuHYI3DJywQjDgTLopLwdCFJzLb9/9
Score

10^/10

metamorpherrat rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

metamorpherratratstealertrojan