metamorpherrat | 6765cc7ecc6f99061f89941cc280d206b0142667ee26d3852096ca1443e635b6 | Triage

Sharing

General

Target

6765cc7ecc6f99061f89941cc280d206b0142667ee26d3852096ca1443e635b6.exe
Size

78KB
Sample

241116-yy7gpaslbw
MD5

64ede25968eaf1d786944fb8dd60134f
SHA1

02ede7184de208287c61e509b7b93c5e3b57fba8
SHA256

6765cc7ecc6f99061f89941cc280d206b0142667ee26d3852096ca1443e635b6
SHA512

a875bda5f5d432ec2b80247c6ae52e92ff7dc9c89a256026521347f9c41659e84637b20174aeb590f5e51d259c4491a50900b0ec3555bfc65223450d70e74633
SSDEEP

1536:+y5YXT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQt96l9/ej1Dr7:+y5gSyRxvhTzXPvCbW2U+9/W7

Score

10^/10

metamorpherrat discovery persistence rat stealer trojan

Malware Config

Targets

- Target
  
  6765cc7ecc6f99061f89941cc280d206b0142667ee26d3852096ca1443e635b6.exe
- Size
  
  78KB
- MD5
  
  64ede25968eaf1d786944fb8dd60134f
- SHA1
  
  02ede7184de208287c61e509b7b93c5e3b57fba8
- SHA256
  
  6765cc7ecc6f99061f89941cc280d206b0142667ee26d3852096ca1443e635b6
- SHA512
  
  a875bda5f5d432ec2b80247c6ae52e92ff7dc9c89a256026521347f9c41659e84637b20174aeb590f5e51d259c4491a50900b0ec3555bfc65223450d70e74633
- SSDEEP
  
  1536:+y5YXT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQt96l9/ej1Dr7:+y5gSyRxvhTzXPvCbW2U+9/W7
Score

10^/10

metamorpherrat discovery persistence rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Metamorpherrat family
  metamorpherrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metamorpherratdiscoverypersistenceratstealertrojan

behavioral2

metamorpherratdiscoverypersistenceratstealertrojan