General

  • Target

    36d7cd437b1148dd27ead23c5b41f4647d4b1824fcf6ceb5d49f48e7c0301da9N.exe

  • Size

    78KB

  • Sample

    250119-tj34havmex

  • MD5

    49ea3729923d9a0abd130976cb6f91c0

  • SHA1

    22f7892ad6356ed1511d2111c7dd4b429b64eca1

  • SHA256

    36d7cd437b1148dd27ead23c5b41f4647d4b1824fcf6ceb5d49f48e7c0301da9

  • SHA512

    965cfd4e99cf625eb9bf14c192ba5c49db2417440449fcde2f597ff35c0a4b71731d44a4b33e97759825010ae7b365fbc10948d63efb59c82159cb36a73cd679

  • SSDEEP

    1536:KCHHM7t/vZv0kH9gDDtWzYCnJPeoYrGQtqx9/21Gs:KCHsh/l0Y9MDYrm709/8

Malware Config

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Metamorpherrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks