General

  • Target

    66827c6a5874ef547a8bf87fee7bfadf7426cf19ae14505692b0172b0937f24cN.exe

  • Size

    78KB

  • Sample

    240926-azpfhazejc

  • MD5

    a4b9ce87ed124ebcad9a0e6ee2365140

  • SHA1

    be7f0ec0826529076860c56581e98779d8c8cd80

  • SHA256

    66827c6a5874ef547a8bf87fee7bfadf7426cf19ae14505692b0172b0937f24c

  • SHA512

    d95edae19e140d8bb49280c1472e4e536f133f6808acc388761cf4f53e3a4dbf8d8b0214a5fde4cea5188e1826ff2807546d9d90257cbeb908871662d9fa55e4

  • SSDEEP

    1536:RmWtHFo6uaJtZAlGmWw644txVILJtcfJuovFdPKmNqOqD70Gou2P2oYe9QtLu9/o:MWtHFoI3ZAtWDDILJLovbicqOq3o+nLt

Malware Config

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks