General

  • Target

    fbf293b952798dbf3c13ed9571533d70bc35f83af68d4e2647b7de183259228d

  • Size

    57KB

  • Sample

    240908-ccfwysybjm

  • MD5

    1711a97682e0e4038a7e2afe34fca6f9

  • SHA1

    2de2737d334ae770bd7e478bdee71fa8396fc811

  • SHA256

    fbf293b952798dbf3c13ed9571533d70bc35f83af68d4e2647b7de183259228d

  • SHA512

    1cca1c2776360bdd88dc794e6f7f7c6e5ef737a01e5bf36abee2a803485a48ff4846738d3817df2b15e010ec65bc35b079a7e772cd473cf0b255341b6360e9c9

  • SSDEEP

    1536:YBLRxHqKk7rk3WBYB5YZeZv435lWOUO6dqi6lSum:OLRNqKGrk3WBYB5ms4pkpwxAN

Targets

    • Target

      70538328a6227ae9f7e2015bf4268961bf8a1b8ad5e70ff9183289d381271093.exe

    • Size

      78KB

    • MD5

      dac24be555c602c80489941360a2810f

    • SHA1

      e4e283e68ace2e3282a1eb87f9692a0c4020a3b9

    • SHA256

      70538328a6227ae9f7e2015bf4268961bf8a1b8ad5e70ff9183289d381271093

    • SHA512

      3447c46f54c26c05cd8e3bd0b89a5ed1534430c2bf2466a8355e043abe01747c2bd21ff3eb0a449df29354ba87905848cd89e8e16fcc995a328a68a038282504

    • SSDEEP

      1536:BcuHFo6uaJtZAlGmWw644txVILJtcfJuovFdPKmNqOqD70Gou2P2oYe9QtLo9/E5:SuHFoI3ZAtWDDILJLovbicqOq3o+nLoO

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
