General

  • Target

    221aa910497fb791cf398ad9b1585350N

  • Size

    78KB

  • Sample

    240826-jkahgasfla

  • MD5

    221aa910497fb791cf398ad9b1585350

  • SHA1

    92778dbf4f441af13bb491f07d635eb6fc15936c

  • SHA256

    8268127f78ce2c543e0eab576c4496cb1bd179503ae2b07d4107ff05d879f400

  • SHA512

    ca648ef8826a846d06fd882e8c9e15d23a66e0b3c7f9c479689dfab037a82e74b02837dbe00f521878e231f6c52d3e8f9db8e7b2209c9d34dabf7ab6272d9e84

  • SSDEEP

    1536:rV5jSVdy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtN6U9/Gd1lc:rV5jSAn7N041Qqhgr9//

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
