General

  • Target

    55eeaa7c696c0c4055bee9b8b50c9be9110d6b9cdc60c953b34fb2f94ced4d21N

  • Size

    78KB

  • Sample

    240919-mxgzvsvflr

  • MD5

    8112e15a8c0344f48465bd7b587f2430

  • SHA1

    bfc0e8d7df97fd4d034d24849490437a3c2a7701

  • SHA256

    55eeaa7c696c0c4055bee9b8b50c9be9110d6b9cdc60c953b34fb2f94ced4d21

  • SHA512

    62dccec34fbbad6cdd484ea8213de5e38b0bbda6754b0e454ce9f140a7d26b3d0dfcd8d60d6326c063092174bc7fbb80373557cb5cbb7f4a01341a2b1c613514

  • SSDEEP

    1536:Sc4tHFo6uaJtZAlGmWw644txVILJtcfJuovFdPKmNqOqD70Gou2P2oYe9QtT9/JL:h4tHFoI3ZAtWDDILJLovbicqOq3o+nT7

Malware Config

Targets

    • Target

      55eeaa7c696c0c4055bee9b8b50c9be9110d6b9cdc60c953b34fb2f94ced4d21N

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks