Overview

overview

10

Static

static

3

376dedca7b...cs.exe

windows7-x64

10

376dedca7b...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    376dedca7b965f4e92d716915589dfe0_NeikiAnalytics.exe

  • Size

    78KB

  • Sample

    240522-zjtsqafh61

  • MD5

    376dedca7b965f4e92d716915589dfe0

  • SHA1

    441da49f039e2376cd9d6054bce8ad8f9613239c

  • SHA256

    d57f156c23c0429dc51ccd8d1dfbedb700466ec89ee03c8722bad9df9c182774

  • SHA512

    cb80adaa04be365626feeb046ca411600f92c23700ecb98cdb281cd1e2f181451459278a0bc55ed5f6bd17f51a79b454957832f854352044273ddf838435be77

  • SSDEEP

    1536:1PWV5qLT8hn2Ep7WzPdVj6Ju8B3AZ242UdIAkD4x3HT4hPVoYdVQti6h9/op1pT:1PWV5UE2EwR4uY41HyvYZ9/o

Score
10/10
metamorpherratpersistenceratstealertrojan

Malware Config

Targets

    • Target

      376dedca7b965f4e92d716915589dfe0_NeikiAnalytics.exe

    • Size

      78KB

    • MD5

      376dedca7b965f4e92d716915589dfe0

    • SHA1

      441da49f039e2376cd9d6054bce8ad8f9613239c

    • SHA256

      d57f156c23c0429dc51ccd8d1dfbedb700466ec89ee03c8722bad9df9c182774

    • SHA512

      cb80adaa04be365626feeb046ca411600f92c23700ecb98cdb281cd1e2f181451459278a0bc55ed5f6bd17f51a79b454957832f854352044273ddf838435be77

    • SSDEEP

      1536:1PWV5qLT8hn2Ep7WzPdVj6Ju8B3AZ242UdIAkD4x3HT4hPVoYdVQti6h9/op1pT:1PWV5UE2EwR4uY41HyvYZ9/o

    Score
    10/10
    metamorpherratpersistenceratstealertrojan

    • MetamorpherRAT

      Metamorpherrat is a hacking tool that has been around for a while since 2013.

      trojanratstealermetamorpherrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks