General

  • Target

    b92257549f52ca37ba4c77bc010a0a20N.exe

  • Size

    78KB

  • Sample

    240715-k8eyjayfnr

  • MD5

    b92257549f52ca37ba4c77bc010a0a20

  • SHA1

    02a52d59fa8c30e5f36076b961ee647e03a46adc

  • SHA256

    c17b02b4c591c5d7a2bcf28a554eb5723804c17ef7f3a930fa1835180122bbde

  • SHA512

    143007afcd1ef2d79a7ca60e0498f29e54cb8537f97c4221c41076c74a57f1b3cb40680031620ee9df19da170516e285f1d4642a0c0f13c7bbd406635282b426

  • SSDEEP

    1536:8RCHY6638dy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQteKt9/y1FY:8RCHY53Ln7N041QqhgeKt9/h

Malware Config

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scripting (T1064): 1

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

    • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

    • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Scripting (T1064): 1

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks