General

  • Target

    e9444bb6cffddf95dcea5bf22d34e410N.exe

  • Size

    78KB

  • Sample

    240715-q94k6swgqg

  • MD5

    e9444bb6cffddf95dcea5bf22d34e410

  • SHA1

    4169ea09b6b7d574309f6db8bf915ff3dbf11b82

  • SHA256

    50952bb0a82c4d832c08ec8fdf7b39f76e1f60816702915f0c9d0d4011309399

  • SHA512

    4694b72092befcde0464a37783199b7703c1027b59e552aeb9760afe1a94b87503b43d755b1f25fab8477a256065c708c0132c7cea3e335dc35af17d2a00e910

  • SSDEEP

    1536:iWtHFo6M7t4XT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQteZX9/II1Uq:iWtHFonhASyRxvhTzXPvCbW2UeZX9/l

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scripting, T1064 (1)

Persistence

  • Boot or Logon Autostart Execution, T1547 (1)

    • Registry Run Keys / Startup Folder, T1547.001 (1)

Privilege Escalation

  • Boot or Logon Autostart Execution, T1547 (1)

    • Registry Run Keys / Startup Folder, T1547.001 (1)

Defense Evasion

  • Scripting, T1064 (1)

  • Modify Registry, T1112 (1)

Discovery

  • Query Registry, T1012 (1)

  • System Information Discovery, T1082 (2)
