metamorpherrat | 0901b56f2ef0b9157f809033765fb69a54da3edb67abf86578d77d24a77e917c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0901b56f2ef0b9157f809033765fb69a54da3edb67abf86578d77d24a77e917c_NeikiAnalytics.exe
Size

78KB
Sample

240627-vfwexs1apb
MD5

372039a9220b018d8485a1d7a493bfe0
SHA1

32165ec6428ea8dbf405b64cab9441d9a917002c
SHA256

0901b56f2ef0b9157f809033765fb69a54da3edb67abf86578d77d24a77e917c
SHA512

c1c306e0944ca391c3345aa0a44d3e224b24cb1cebac23489f64fd9e2e6f600aaa52d08f1d05a9acd0ffb4d7190a24f78b7fbbf94bb49f7780bdf885e3b6cd4a
SSDEEP

1536:TCHY6638dy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtRU9/O19j:TCHY53Ln7N041QqhgRU9/O

Score

10^/10

metamorpherrat persistence rat stealer trojan

Malware Config

Targets

- Target
  
  0901b56f2ef0b9157f809033765fb69a54da3edb67abf86578d77d24a77e917c_NeikiAnalytics.exe
- Size
  
  78KB
- MD5
  
  372039a9220b018d8485a1d7a493bfe0
- SHA1
  
  32165ec6428ea8dbf405b64cab9441d9a917002c
- SHA256
  
  0901b56f2ef0b9157f809033765fb69a54da3edb67abf86578d77d24a77e917c
- SHA512
  
  c1c306e0944ca391c3345aa0a44d3e224b24cb1cebac23489f64fd9e2e6f600aaa52d08f1d05a9acd0ffb4d7190a24f78b7fbbf94bb49f7780bdf885e3b6cd4a
- SSDEEP
  
  1536:TCHY6638dy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtRU9/O19j:TCHY53Ln7N041QqhgRU9/O
Score

10^/10

metamorpherrat persistence rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metamorpherratpersistenceratstealertrojan

behavioral2

metamorpherratpersistenceratstealertrojan