General

  • Target

    8b4293300d07b8d98286171703a109be5bdb665dee347645605063ce4628ed1aN

  • Size

    78KB

  • Sample

    240918-br661swark

  • MD5

    e2979c4c2b3e7c1035a2161052d9bc50

  • SHA1

    c55b932857c6e78702bd5e01638ec48e1349905c

  • SHA256

    8b4293300d07b8d98286171703a109be5bdb665dee347645605063ce4628ed1a

  • SHA512

    1b584fc91c10bb604eb79d86374b6091a914b6f0eeb9412c69de9ae9206f6b97096e3f9d0a28f5f89360a97b52dd9600fcc6c61f5308b58eeb12b79c972d00e8

  • SSDEEP

    1536:eHFo6M7t4XT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQtRH9/g10t:eHFonhASyRxvhTzXPvCbW2URH9/1

Targets

    • Target

      8b4293300d07b8d98286171703a109be5bdb665dee347645605063ce4628ed1aN

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
