General

  • Target

    e49f183ab4d0fa309794be414e582ffdd22c902be9a1786c58cf77f21c62f155

  • Size

    78KB

  • Sample

    240705-ekrpjavbkh

  • MD5

    63ae795f29c5a86d220583f6ad190d7f

  • SHA1

    011fef25f554080cf80ec30dfb3a6089c75247e1

  • SHA256

    e49f183ab4d0fa309794be414e582ffdd22c902be9a1786c58cf77f21c62f155

  • SHA512

    bb341c9a52487ff3f1aa362b5254ef4a737b518d48b11234201eb246932a88bae751eeab181016b767c76aeb4bdb61f4e1c5371736064a069fc1b1419f612d3d

  • SSDEEP

    1536:3hPWV5jSwXT0XRhyRjVf3znOJTv3lcUK/+dWzCP7oYTcSQt96t9/vg11BL:xPWV5jSoSyRxvY3md+dWWZy29/vS

Malware Config

Targets

    • Target

      e49f183ab4d0fa309794be414e582ffdd22c902be9a1786c58cf77f21c62f155


    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been in circulation since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scripting (T1064): 1

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1

    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1

    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Scripting (T1064): 1

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks