metamorpherrat | e3b1c39dfdeec49b0372e7e1eb8ae1880b95fe3f2095a413fe80df28f92d0c42 | Triage

Sharing

General

Target

e3b1c39dfdeec49b0372e7e1eb8ae1880b95fe3f2095a413fe80df28f92d0c42N.exe
Size

78KB
Sample

241126-t8rrrszkcs
MD5

e3868ec9d2a04aba83d1e2862b9894a0
SHA1

7b6aeeca771bb7d1df05adb110c998e6d9b70cac
SHA256

e3b1c39dfdeec49b0372e7e1eb8ae1880b95fe3f2095a413fe80df28f92d0c42
SHA512

3778f674bd48058d5c598fea1d0b4aa845dd762233682e880a411aa79da7c7595e5c74c70e0baf6ca728af2fc1a25f7ff68e8f07724cfd0d9c7439bbc18327f7
SSDEEP

1536:TX4V5jSuAlGmWw644txVILJtcfJuovFdPKmNqOqD70Gou2P2oYe9Qti6q9/o1Lp:D4V5jSuAtWDDILJLovbicqOq3o+ni9/U

Score

10^/10

metamorpherrat discovery persistence rat stealer trojan

Malware Config

Targets

- Target
  
  e3b1c39dfdeec49b0372e7e1eb8ae1880b95fe3f2095a413fe80df28f92d0c42N.exe
- Size
  
  78KB
- MD5
  
  e3868ec9d2a04aba83d1e2862b9894a0
- SHA1
  
  7b6aeeca771bb7d1df05adb110c998e6d9b70cac
- SHA256
  
  e3b1c39dfdeec49b0372e7e1eb8ae1880b95fe3f2095a413fe80df28f92d0c42
- SHA512
  
  3778f674bd48058d5c598fea1d0b4aa845dd762233682e880a411aa79da7c7595e5c74c70e0baf6ca728af2fc1a25f7ff68e8f07724cfd0d9c7439bbc18327f7
- SSDEEP
  
  1536:TX4V5jSuAlGmWw644txVILJtcfJuovFdPKmNqOqD70Gou2P2oYe9Qti6q9/o1Lp:D4V5jSuAtWDDILJLovbicqOq3o+ni9/U
Score

10^/10

metamorpherrat discovery persistence rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Metamorpherrat family
  metamorpherrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metamorpherratdiscoverypersistenceratstealertrojan

behavioral2

metamorpherratdiscoverypersistenceratstealertrojan