General

  • Target

    2188d5497980aaf859f208f45cb7111365301967dc2f93fe1f2b5263a8b4ab5dN

  • Size

    78KB

  • Sample

    241029-f3mc7stndq

  • MD5

    835e65b1480a66868a104d77b9c4ef30

  • SHA1

    3101e4fba324264700712ab7f182135e9afb4865

  • SHA256

    2188d5497980aaf859f208f45cb7111365301967dc2f93fe1f2b5263a8b4ab5d

  • SHA512

    81ba04f163250178724093a3105f1483947285ce8bd368cc43112f65a6ba84d067f3dec94fa54cd4f60477648ad48c2a6a75edf06a6c16524c73cb21a87d9afb

  • SSDEEP

    1536:9Ty58xAlGmWw644txVILJtcfJuovFdPKmNqOqD70Gou2P2oYe9Qti6Y9/yj1FD:hy58xAtWDDILJLovbicqOq3o+nQ9/Y

Malware Config

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Metamorpherrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks