metamorpherrat | ed027cca8a7d43d537d626bf02e9a79ca9d5ca79a763b8a2a5fd575a1cc2da64 | Triage

Sharing

General

Target

ed027cca8a7d43d537d626bf02e9a79ca9d5ca79a763b8a2a5fd575a1cc2da64.exe
Size

78KB
Sample

250102-npt5wssqfm
MD5

0bd9c5a615518309a2c0bfa4673b01e1
SHA1

dc97b633713e5393bc316871909729b677b33bf5
SHA256

ed027cca8a7d43d537d626bf02e9a79ca9d5ca79a763b8a2a5fd575a1cc2da64
SHA512

f955139da46d7bfba3d6df03bf1b48766fa7c5e54913e487e4886b8a3386ddd27dc176253b62d24e5aa1e5e989201a4afe3465d7f13b9d54c8c9f22585670e8a
SSDEEP

1536:VHY6M3xXT0XRhyRjVf3znOJTv3lcUK/+dWzCP7oYTcSQtv9/wW1u+y:VHYn3xSyRxvY3md+dWWZyv9/wOy

Score

10^/10

metamorpherrat discovery persistence rat stealer trojan

Malware Config

Targets

- Target
  
  ed027cca8a7d43d537d626bf02e9a79ca9d5ca79a763b8a2a5fd575a1cc2da64.exe
- Size
  
  78KB
- MD5
  
  0bd9c5a615518309a2c0bfa4673b01e1
- SHA1
  
  dc97b633713e5393bc316871909729b677b33bf5
- SHA256
  
  ed027cca8a7d43d537d626bf02e9a79ca9d5ca79a763b8a2a5fd575a1cc2da64
- SHA512
  
  f955139da46d7bfba3d6df03bf1b48766fa7c5e54913e487e4886b8a3386ddd27dc176253b62d24e5aa1e5e989201a4afe3465d7f13b9d54c8c9f22585670e8a
- SSDEEP
  
  1536:VHY6M3xXT0XRhyRjVf3znOJTv3lcUK/+dWzCP7oYTcSQtv9/wW1u+y:VHYn3xSyRxvY3md+dWWZyv9/wOy
Score

10^/10

discovery persistence metamorpherrat rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Metamorpherrat family
  metamorpherrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

metamorpherratdiscoverypersistenceratstealertrojan