General

  • Target

    0c5b98ae70f9db208724064db636eca0N.exe

  • Size

    78KB

  • Sample

    240731-156vva1cra

  • MD5

    0c5b98ae70f9db208724064db636eca0

  • SHA1

    3b1e9ba98cbd5ec5dd852e11826c25027f50da3b

  • SHA256

    c64083de3520f6b4ac42fdc69586fd126361d43ff766df7be13ca020c3a18caa

  • SHA512

    379ba84e87dc883b0af44189d458ea7a4ba15f306e49a25b08ab3c1d0e49df3228b1814d2b3f8245b12a14b6b7c2469306e2030c672648f6e66ac2bbc56d612f

  • SSDEEP

    1536:9c5jSeXT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQtC6a9/21aS:9c5jSWSyRxvhTzXPvCbW2US9/C

Malware Config

Targets

    • Target

      0c5b98ae70f9db208724064db636eca0N.exe

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scripting (T1064): 1

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Scripting (T1064): 1

  • Modify Registry (T1112): 1

Discovery

  • System Information Discovery (T1082): 3

  • System Location Discovery (T1614): 1

  • System Language Discovery (T1614.001): 1

  • Query Registry (T1012): 2

Tasks