General

  • Target

    c789b961b4cefab04ef60090c0b4b1df918965d9832986c0c600c5a80056e26cN

  • Size

    78KB

  • Sample

    241016-3j3x6szara

  • MD5

    ce08c63f5f3bcf42a05f5cdcbfcc5d90

  • SHA1

    07be501257f38bb13a0d47888a6715f478eead8a

  • SHA256

    c789b961b4cefab04ef60090c0b4b1df918965d9832986c0c600c5a80056e26c

  • SHA512

    6c4b7fa0df927186cc6f7470ca20aca456e45ecf7c26397cbf9bcf355d4cc2cf4c3a95673569b3df7354f64d34a747eacd2b80c3bcac8305fd7d7047a7b9164e

  • SSDEEP

    1536:TPCHY6638dy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQt1Y9/o1vp:TPCHY53Ln7N041Qqhg1Y9/k

Targets

    • Target

      c789b961b4cefab04ef60090c0b4b1df918965d9832986c0c600c5a80056e26cN

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
