General

  • Target

    4f31e170a24517ed898e633b4b2857022d675df3c70e790730e2f392282f1c03

  • Size

    78KB

  • Sample

    240828-1s1s3azeqp

  • MD5

    9acaaf2f6dd77a1c9ea762b1226cf1bf

  • SHA1

    e86ea759204033e7b44d6f77f25a197c2a0ed5b9

  • SHA256

    4f31e170a24517ed898e633b4b2857022d675df3c70e790730e2f392282f1c03

  • SHA512

    29d487d576118ef3d0b26733ce6ed65f062104f09b2c8c354475a213277c197cda1da6a0febcb277533a0c59aa4ddfd6137ad0a649d68bdedc4162a385e8c952

  • SSDEEP

    1536:J5jJXT0XRhyRjVf3znOJTv3lcUK/+dWzCP7oYTcSQtN6f9/91VE:J5j5SyRxvY3md+dWWZy89/C

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
