General

  • Target

    e3b0bb89cedcc9ccbf3c652bfa3f92d7e25cb48ca1edc3369cfed17f7080fcf1

  • Size

    78KB

  • Sample

    240908-dynz5atajq

  • MD5

    80160fd6da186b73a898629e22c2d10c

  • SHA1

    69f2939c2d21226d2c64f82bfd7d15ba3df43246

  • SHA256

    e3b0bb89cedcc9ccbf3c652bfa3f92d7e25cb48ca1edc3369cfed17f7080fcf1

  • SHA512

    e9518cbf8efc9bb949ca1a5368444cfa8cb4ff22399cda15abd55b41d85a8bf084df366d42e7a06140cf0e5e9c65b9d5f6e201bd9c69b622f1303bd04d343800

  • SSDEEP

    1536:BStHHM7t4XT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQte39/f1gB:BStHshASyRxvhTzXPvCbW2Ue39/2

Malware Config

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks