metamorpherrat | e6bbcd209453e016fa8b4e88dd17478239a9b304dbacea80fcaf4ce74bd4043e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

e6bbcd2094...eN.exe

windows7-x64

e6bbcd2094...eN.exe

windows10-2004-x64

Sharing

General

Target

e6bbcd209453e016fa8b4e88dd17478239a9b304dbacea80fcaf4ce74bd4043eN
Size

78KB
Sample

241020-1vmdfssdnc
MD5

40ba47bf897852f9d96c1ad5bec8d870
SHA1

12f0ddc8fa5a8c00b5fa520c7081c413ab298f7a
SHA256

e6bbcd209453e016fa8b4e88dd17478239a9b304dbacea80fcaf4ce74bd4043e
SHA512

f26decd39a1d50d4b90fc1a078cbf9231d5d835ddc7007bea2c3b322c586efa83d04e1ffd4bc508e05791f87bf84a6e8802b2d981dc4361c344978ade1c93d79
SSDEEP

1536:8PWtHFo6uaJtVpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQtG9/D1B+:8PWtHFoI3DJywQjDgTLopLwdCFJzG9/y

Score

10^/10

metamorpherrat discovery rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e6bbcd209453e016fa8b4e88dd17478239a9b304dbacea80fcaf4ce74bd4043eN.exe

Resource

win7-20240903-en

metamorpherrat discovery rat stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

e6bbcd209453e016fa8b4e88dd17478239a9b304dbacea80fcaf4ce74bd4043eN.exe

Resource

win10v2004-20241007-en

metamorpherrat discovery rat stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  e6bbcd209453e016fa8b4e88dd17478239a9b304dbacea80fcaf4ce74bd4043eN
- Size
  
  78KB
- MD5
  
  40ba47bf897852f9d96c1ad5bec8d870
- SHA1
  
  12f0ddc8fa5a8c00b5fa520c7081c413ab298f7a
- SHA256
  
  e6bbcd209453e016fa8b4e88dd17478239a9b304dbacea80fcaf4ce74bd4043e
- SHA512
  
  f26decd39a1d50d4b90fc1a078cbf9231d5d835ddc7007bea2c3b322c586efa83d04e1ffd4bc508e05791f87bf84a6e8802b2d981dc4361c344978ade1c93d79
- SSDEEP
  
  1536:8PWtHFo6uaJtVpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQtG9/D1B+:8PWtHFoI3DJywQjDgTLopLwdCFJzG9/y
Score

10^/10

metamorpherrat discovery rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metamorpherratdiscoveryratstealertrojan

behavioral2

metamorpherratdiscoveryratstealertrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.