General

  • Target

    b238414476b03dcc16a8272a8771986be90de8a5997fa9383983c073f05e2570

  • Size

    78KB

  • Sample

    241109-c4289syjeq

  • MD5

    639265f6013573f257f7ab35a0fb88fb

  • SHA1

    cf45a64368939a2b194c08b20bacb65824df9c76

  • SHA256

    b238414476b03dcc16a8272a8771986be90de8a5997fa9383983c073f05e2570

  • SHA512

    2f49048fdb55b0439552b428b2751f9dd9c0850280a950fcd85eb195891101ec4f96362ed3dde06dbdcc9d335dad7deccf1a935744ed0be387347d27ef5e5fe7

  • SSDEEP

    1536:8Vc5lAlGmWw644txVILJtcfJuovFdPKmNqOqD70Gou2P2oYe9QtS6GD9/A13F:Gc5lAtWDDILJLovbicqOq3o+n69/Q

Targets

    • Target

      b238414476b03dcc16a8272a8771986be90de8a5997fa9383983c073f05e2570

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Metamorpherrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
