General

  • Target

    39c687ffdd0194688191eaeaa6f75bf0N.exe

  • Size

    78KB

  • Sample

    240823-al8bfsxhkn

  • MD5

    39c687ffdd0194688191eaeaa6f75bf0

  • SHA1

    55dc969fc9bfcfcd0b218bba6fd2ec3116084d9d

  • SHA256

    796f96cf5a48f8cb210ca695c2d0c23d3aaa4174f982c65764b93179707012df

  • SHA512

    0f89d35d2e39f9f967c790f3793404bc43ede4af4b4c56c56cd9824f140785d56f48569c23ff03b9d092a5724be70953144470e0940ff833d3f53db53e8aed42

  • SSDEEP

    1536:/WtHF3M7t4XT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQtE9//1qS:/WtHF8hASyRxvhTzXPvCbW2UE9/P

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
