General

  • Target

    4134fec4f1dea5f960c92df7cb899440N.exe

  • Size

    78KB

  • Sample

    240906-ltyyjazbpn

  • MD5

    4134fec4f1dea5f960c92df7cb899440

  • SHA1

    20e0fcbb1e8edcc470299f30b1c217d654bebf7b

  • SHA256

    affb6d33aaa59248226e5c65f6193221fc3d60987dcd3375b740016c38d8f1c0

  • SHA512

    629c1785eecf9ec9d81eb405ec417dbfc9a0380c7fa1d5fcbc2db8dbceb034263a755c0648421a6761bd4718cbe75e6314c84d1d2487921afdf4687b63c15d2d

  • SSDEEP

    1536:wPCHFo6M7t4XT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQto9/H1IJ:wPCHFonhASyRxvhTzXPvCbW2Uo9/m

Malware Config

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks