General

  • Target

    9f8455cfe072f34e23e35a8a542d177665a4301f2b139f399607d6d0d9470d5cN

  • Size

    78KB

  • Sample

    241019-sca9gaterj

  • MD5

    a9b12f41d2efd93bba14633643e78510

  • SHA1

    24030cc0732b1db95e6d8a0f7806ce2942aeaeac

  • SHA256

    9f8455cfe072f34e23e35a8a542d177665a4301f2b139f399607d6d0d9470d5c

  • SHA512

    f34792304ebec93288718e1f7426966e7bfda18d2a2565a08a3cf4322634a8d17b6a52b7a77c604d4f54ee21ff2dad68b1ef6a1c984cc17ca27d49a430c75b17

  • SSDEEP

    1536:Hc5Ody0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtC6u9/Ph187:Hc55n7N041QqhgW9/u

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
