General

  • Target

    9bde6ba2e8833d07c89b6ec3c5fdec60N.exe

  • Size

    78KB

  • Sample

    240821-ldn4dsvbjj

  • MD5

    9bde6ba2e8833d07c89b6ec3c5fdec60

  • SHA1

    c3e5161e723475c9bbb752977f80829087832048

  • SHA256

    dbfb82bf6a221077de349e566df83f95c18c8c8d746b0038d4bc578423f7f687

  • SHA512

    4588c26ca8a8d468c307c1a1084c324175471b6d34bdafab7735b2264789dcff605f0b40857848662a70e0a45ffbb9bf9bb881fd5c42f397178a6cc5fc6dadac

  • SSDEEP

    1536:XMCHY6uaJtZAlGmWw644txVILJtcfJuovFdPKmNqOqD70Gou2P2oYe9QtJ9/Q1bF:cCHYI3ZAtWDDILJLovbicqOq3o+nJ9/U

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
