Overview

overview

10

Static

static

3

903a496a5b...5N.exe

windows7-x64

10

903a496a5b...5N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    903a496a5b8aff1a62ddd1d0a463dbbd394cfd6569f9eba2c13017d1cd515965N

  • Size

    78KB

  • Sample

    241101-zljerstkfz

  • MD5

    6ee41d87f850fd8a6b9fb36c65c29e30

  • SHA1

    74fef52fc86016b6305e420406310b52d20d0508

  • SHA256

    903a496a5b8aff1a62ddd1d0a463dbbd394cfd6569f9eba2c13017d1cd515965

  • SHA512

    23e49194893bd59096b382289e0f7d31da762e91fd5afc95f9ed931cf6846db5827bed69324a3642941fd1aa6f2a402f01332090c34105c1b8bc82f2834d6f57

  • SSDEEP

    1536:Uiy5jSuAlGmWw644txVILJtcfJuovFdPKmNqOqD70Gou2P2oYe9QtM6w9/v1aM:ty5jSuAtWDDILJLovbicqOq3o+nO9/p

Score
10/10
metamorpherratdiscoverypersistenceratstealertrojan

Malware Config

Targets

    • Target

      903a496a5b8aff1a62ddd1d0a463dbbd394cfd6569f9eba2c13017d1cd515965N

    • Size

      78KB

    • MD5

      6ee41d87f850fd8a6b9fb36c65c29e30

    • SHA1

      74fef52fc86016b6305e420406310b52d20d0508

    • SHA256

      903a496a5b8aff1a62ddd1d0a463dbbd394cfd6569f9eba2c13017d1cd515965

    • SHA512

      23e49194893bd59096b382289e0f7d31da762e91fd5afc95f9ed931cf6846db5827bed69324a3642941fd1aa6f2a402f01332090c34105c1b8bc82f2834d6f57

    • SSDEEP

      1536:Uiy5jSuAlGmWw644txVILJtcfJuovFdPKmNqOqD70Gou2P2oYe9QtM6w9/v1aM:ty5jSuAtWDDILJLovbicqOq3o+nO9/p

    Score
    10/10
    metamorpherratdiscoverypersistenceratstealertrojan

    • MetamorpherRAT

      Metamorpherrat is a hacking tool that has been around for a while since 2013.

      trojanratstealermetamorpherrat

    • Metamorpherrat family

      metamorpherrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks