General

  • Target

    032280959242085a69a1afc7491f5987fcd3ccc32d2fd324938e090f121f758aN.exe

  • Size

    78KB

  • Sample

    250117-k3dtaa1kbp

  • MD5

    feaf6e3c345c4b6f8a908fcacd81ba50

  • SHA1

    2a0366ca6c6dea2efd2fe50f6ee14d29a3ad844b

  • SHA256

    032280959242085a69a1afc7491f5987fcd3ccc32d2fd324938e090f121f758a

  • SHA512

    08e346e38c006b6a692bcd39df6955f1f05f7190ed34b85e22df455c3da53be72dd4edf92c653c8bf8c9edefa8149231181569f02ca5254f7de38548e93730aa

  • SSDEEP

    1536:Qmy58QvZv0kH9gDDtWzYCnJPeoYrGQtC67Q9/o1x0:vy58Ql0Y9MDYrm7jQ9/r

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Metamorpherrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
