metamorpherrat | 469cad32c42578cf2713602fb4b0bf417ff697ce43289a763beb2cc7bea10e6a | Triage

Sharing

General

Target

469cad32c42578cf2713602fb4b0bf417ff697ce43289a763beb2cc7bea10e6aN.exe
Size

78KB
Sample

241218-h7srwszrbj
MD5

aa27921f3604aa1ce8f57df7db0a6df0
SHA1

0e3f6ed58a733f34ef62f0b298c4a2918257627d
SHA256

469cad32c42578cf2713602fb4b0bf417ff697ce43289a763beb2cc7bea10e6a
SHA512

1fc0fd88eea355f2a6c6d79beef8337a644a51fc6b4ad557e01beb01c7978442ffd524846c206184a2477808e50777f711876e40b2ea5ae7b41dda35f194f342
SSDEEP

1536:DPWV5j/vZv0kH9gDDtWzYCnJPeoYrGQt9629/5R1gm:DPWV5j/l0Y9MDYrm799/l

Score

10^/10

metamorpherrat discovery persistence rat stealer trojan

Malware Config

Targets

- Target
  
  469cad32c42578cf2713602fb4b0bf417ff697ce43289a763beb2cc7bea10e6aN.exe
- Size
  
  78KB
- MD5
  
  aa27921f3604aa1ce8f57df7db0a6df0
- SHA1
  
  0e3f6ed58a733f34ef62f0b298c4a2918257627d
- SHA256
  
  469cad32c42578cf2713602fb4b0bf417ff697ce43289a763beb2cc7bea10e6a
- SHA512
  
  1fc0fd88eea355f2a6c6d79beef8337a644a51fc6b4ad557e01beb01c7978442ffd524846c206184a2477808e50777f711876e40b2ea5ae7b41dda35f194f342
- SSDEEP
  
  1536:DPWV5j/vZv0kH9gDDtWzYCnJPeoYrGQt9629/5R1gm:DPWV5j/l0Y9MDYrm799/l
Score

10^/10

metamorpherrat discovery persistence rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Metamorpherrat family
  metamorpherrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metamorpherratdiscoverypersistenceratstealertrojan

behavioral2

metamorpherratdiscoverypersistenceratstealertrojan