Overview

overview

10

Static

static

3

0b1741e79d...ba.exe

windows7-x64

10

0b1741e79d...ba.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0b1741e79d2d639e8ad5e46835cb117f98a13e62cc58f841afbcd94cb2a9a5ba.exe

  • Size

    78KB

  • Sample

    241209-l4my1syngp

  • MD5

    c12627e95afa28641ab02f70fe8de18c

  • SHA1

    e8a0e47f4aaa342977705427463117971c9b9309

  • SHA256

    0b1741e79d2d639e8ad5e46835cb117f98a13e62cc58f841afbcd94cb2a9a5ba

  • SHA512

    fdcce2ec2ee74c0fca3065d028e6c9b5ef8a1278d99224ba637734b7faa9a9a47a630312c2e43521fcbfd31dba12da7468bdf7176ace7f9b27c5bdf54c3e5a54

  • SSDEEP

    1536:bRWV5jEdy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtC6F9/7Y1ei:bRWV5jzn7N041Qqhgt9/7E

Score
10/10
metamorpherratdiscoverypersistenceratstealertrojan

Malware Config

Targets

    • Target

      0b1741e79d2d639e8ad5e46835cb117f98a13e62cc58f841afbcd94cb2a9a5ba.exe

    • Size

      78KB

    • MD5

      c12627e95afa28641ab02f70fe8de18c

    • SHA1

      e8a0e47f4aaa342977705427463117971c9b9309

    • SHA256

      0b1741e79d2d639e8ad5e46835cb117f98a13e62cc58f841afbcd94cb2a9a5ba

    • SHA512

      fdcce2ec2ee74c0fca3065d028e6c9b5ef8a1278d99224ba637734b7faa9a9a47a630312c2e43521fcbfd31dba12da7468bdf7176ace7f9b27c5bdf54c3e5a54

    • SSDEEP

      1536:bRWV5jEdy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtC6F9/7Y1ei:bRWV5jzn7N041Qqhgt9/7E

    Score
    10/10
    metamorpherratdiscoverypersistenceratstealertrojan

    • MetamorpherRAT

      Metamorpherrat is a hacking tool that has been around for a while since 2013.

      trojanratstealermetamorpherrat

    • Metamorpherrat family

      metamorpherrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.