Overview

overview

10

Static

static

3

cf74711701...af.exe

windows7-x64

10

cf74711701...af.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cf74711701c46a24b292f2c15ae0a8a0b5869d1cbc11a2b68bf1f2620caf6faf

  • Size

    78KB

  • Sample

    241204-dgw96sykev

  • MD5

    c50fecd6605ba752a20c774a20cc37e4

  • SHA1

    a9b6162bc193847b01bde02000a95c76211e9d18

  • SHA256

    cf74711701c46a24b292f2c15ae0a8a0b5869d1cbc11a2b68bf1f2620caf6faf

  • SHA512

    bf83caad2b50c6f308b24f7c8dce9d5950b79af82fa647d8f6df2a3f4206be13213b606eaec6c983b8f8d2d0281887c9b3a03f7bc36c8f90c0779922d7bb2eb3

  • SSDEEP

    1536:sj584vZv0kH9gDDtWzYCnJPeoYrGQtC6K9/R18G:4584l0Y9MDYrm7y9/7

Score
10/10
metamorpherratdiscoverypersistenceratstealertrojan

Malware Config

Targets

    • Target

      cf74711701c46a24b292f2c15ae0a8a0b5869d1cbc11a2b68bf1f2620caf6faf

    • Size

      78KB

    • MD5

      c50fecd6605ba752a20c774a20cc37e4

    • SHA1

      a9b6162bc193847b01bde02000a95c76211e9d18

    • SHA256

      cf74711701c46a24b292f2c15ae0a8a0b5869d1cbc11a2b68bf1f2620caf6faf

    • SHA512

      bf83caad2b50c6f308b24f7c8dce9d5950b79af82fa647d8f6df2a3f4206be13213b606eaec6c983b8f8d2d0281887c9b3a03f7bc36c8f90c0779922d7bb2eb3

    • SSDEEP

      1536:sj584vZv0kH9gDDtWzYCnJPeoYrGQtC6K9/R18G:4584l0Y9MDYrm7y9/7

    Score
    10/10
    metamorpherratdiscoverypersistenceratstealertrojan

    • MetamorpherRAT

      Metamorpherrat is a hacking tool that has been around for a while since 2013.

      trojanratstealermetamorpherrat

    • Metamorpherrat family

      metamorpherrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks