Overview

overview

10

Static

static

3

f3b5be2340...2a.exe

windows7-x64

10

f3b5be2340...2a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f3b5be2340ed7b4b48c926acb80d71f62d510cc5565a47ef5d28233e14fb5b2a

  • Size

    78KB

  • Sample

    240629-fl79cavbkr

  • MD5

    5f1afc1948e124dc5a193b8401c140c0

  • SHA1

    4ebf03bdeea074f797a06f1ea04d5d0ac2e90373

  • SHA256

    f3b5be2340ed7b4b48c926acb80d71f62d510cc5565a47ef5d28233e14fb5b2a

  • SHA512

    6275a84ea39267fef489964d0ce3d6667a06d7620d9b9cd7545dc40bde79a5fa9b26b4a5280fb4fc564abe4c9ca8e557d42ad84dc4644d7a2c10b3bf2f60519f

  • SSDEEP

    1536:6c58ddy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQty6Z9/t1Pd:6c58In7N041Qqhgx9/l

Score
10/10
metamorpherratpersistenceratstealertrojan

Malware Config

Targets

    • Target

      f3b5be2340ed7b4b48c926acb80d71f62d510cc5565a47ef5d28233e14fb5b2a

    • Size

      78KB

    • MD5

      5f1afc1948e124dc5a193b8401c140c0

    • SHA1

      4ebf03bdeea074f797a06f1ea04d5d0ac2e90373

    • SHA256

      f3b5be2340ed7b4b48c926acb80d71f62d510cc5565a47ef5d28233e14fb5b2a

    • SHA512

      6275a84ea39267fef489964d0ce3d6667a06d7620d9b9cd7545dc40bde79a5fa9b26b4a5280fb4fc564abe4c9ca8e557d42ad84dc4644d7a2c10b3bf2f60519f

    • SSDEEP

      1536:6c58ddy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQty6Z9/t1Pd:6c58In7N041Qqhgx9/l

    Score
    10/10
    metamorpherratpersistenceratstealertrojan

    • MetamorpherRAT

      Metamorpherrat is a hacking tool that has been around for a while since 2013.

      trojanratstealermetamorpherrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1
T1064

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks