General

  • Target

    4484fe759be9307b4c3af22949c9fc079d37b401316682e0e4e2a18f24c98c64N

  • Size

    78KB

  • Sample

    241029-g6hd4avkfx

  • MD5

    3be3da337f614dc1ea0697ee3da2f670

  • SHA1

    2757deb690cef71fea6d519d7db774a3fab47888

  • SHA256

    4484fe759be9307b4c3af22949c9fc079d37b401316682e0e4e2a18f24c98c64

  • SHA512

    eaf2896b8c0b5be90d166929e452872c530669f4d94a3c1daffd17a5d17bc96ee8a9999abe9f14781917c952b7fbd272e5466dcd0af01a90cb3f090644781c57

  • SSDEEP

    1536:VStHFo6M7t4XT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQte19/e1k/:VStHFonhASyRxvhTzXPvCbW2Ue19/h

Malware Config

Targets

    • Target

      4484fe759be9307b4c3af22949c9fc079d37b401316682e0e4e2a18f24c98c64N

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Metamorpherrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks