General

  • Target

    f1d7b40c07659c1ab1bc0217af8f88c0N.exe

  • Size

    78KB

  • Sample

    240804-slxh3ayajm

  • MD5

    f1d7b40c07659c1ab1bc0217af8f88c0

  • SHA1

    73dfa2b94dc7c5722f19e8ec8137345512d2f4f4

  • SHA256

    787c2bc4bbc6d3415695ce75f1a05ae294de8c55030b0cce6d3051f3ff1452c4

  • SHA512

    bdcb78bc7641eb40c728803c979ae5a24c94dff757cdeae008b775d77c55b1ccc515ff3bc3c9d9583344e952ff8b843fd390bc24d7603627909c2c4b674b7a67

  • SSDEEP

    1536:wHFo6M7t4XT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQt1H9/Yp1gj:wHFonhASyRxvhTzXPvCbW2U1H9/3

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
