General

  • Target

    a0b147e32515025bdeff6ff73269866087184d18eb5f340d2c9f24df326a574eN

  • Size

    78KB

  • Sample

    241016-tgadeayaqd

  • MD5

    a65c69d42cc4f3c745b06cb637fb4e10

  • SHA1

    2ad3690ac16f708eb6ba306aa24b981b193191c0

  • SHA256

    a0b147e32515025bdeff6ff73269866087184d18eb5f340d2c9f24df326a574e

  • SHA512

    c26b9c888c5776036d3ee80bfda06d8e5fb0343560e3735e598875a43a92d7cdc171c9bafa93706023f0bb6a3b8d30b7b9636fd8ce6f67aa3b4872e89181505d

  • SSDEEP

    1536:Vy58AXT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQtN6B9/u1y0:Vy584SyRxvhTzXPvCbW2U69/Q

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
