General

  • Target

    011d48ebda85ead35a26878219d27f80N

  • Size

    78KB

  • Sample

    240909-1r8saasckj

  • MD5

    011d48ebda85ead35a26878219d27f80

  • SHA1

    b3f990e4a2015906c581085063a6f8ca573acf9b

  • SHA256

    94b64afb1f31375e56443d2aafe169e6f837565d929727039c6631b06fb206f9

  • SHA512

    545a62a1e667cd591269c4885efa0361f3778bc0bd5e57a8cc422bae0f0285b8f392a48049a162be975f3ed6e8e7ad9e5020643dca454a1209f8f0bfe29adb54

  • SSDEEP

    1536:PBWV5jSfAlGmWw644txVILJtcfJuovFdPKmNqOqD70Gou2P2oYe9Qti6N9/2m1BV:JWV5jSfAtWDDILJLovbicqOq3o+nl9/F

Targets

    • Target

      011d48ebda85ead35a26878219d27f80N

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
