General

  • Target

    a2a892e31942da94a11a07b664c0595582aecf4978601f0dab6ed827f2fe43b4N.exe

  • Size

    78KB

  • Sample

    240924-wr6wgaxckq

  • MD5

    2c1c65fc4b4f4ad4aa71b3fe28142210

  • SHA1

    42c97c0a183096d4cc2b82df8c0eeccbda43bf26

  • SHA256

    a2a892e31942da94a11a07b664c0595582aecf4978601f0dab6ed827f2fe43b4

  • SHA512

    84918f1e9bd0d97f31224b9b7ffe89ae5267b1728b97ba73efc3c9e68db3db15ac42ef287e223b5535a842faa099851195071389120ab5b00dfa5a0cb42a0103

  • SSDEEP

    1536:FtHFo6M7t4XT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQt3H9/VX1+E:FtHFonhASyRxvhTzXPvCbW2U39/r

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
