General

  • Target

    86e3c05bdb41130266949b3d80b9bba58660c84db8a0d79012fa023d6f7f6a68

  • Size

    78KB

  • Sample

    250108-d8zvdavlgj

  • MD5

    5fa7c9bf57225c49df47e8c39b661e7f

  • SHA1

    611b273a13eb9136ef73dda870d890b822e7f4dd

  • SHA256

    86e3c05bdb41130266949b3d80b9bba58660c84db8a0d79012fa023d6f7f6a68

  • SHA512

    635b3b3610c5764c9693aebb2a237a2a7ee7a09c0f2252536169c892127d89af9f7249fc576f3ab43c4debfe9a8bad50089fdfa9d8aa98c61101ed210a81705f

  • SSDEEP

    1536:KPWtHFo6M7t/vZv0kH9gDDtWzYCnJPeoYrGQtq9/61wF:KPWtHFonh/l0Y9MDYrm7q9/f

Malware Config

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Metamorpherrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks