metamorpherrat | 6dc7958c9629efeb36015186d596e59c63eded5f9dac86291c96a2ff584453b8 | Triage

Sharing

General

Target

6dc7958c9629efeb36015186d596e59c63eded5f9dac86291c96a2ff584453b8N.exe
Size

78KB
Sample

250120-ppbtzsypgz
MD5

a00d21a994deda2ad6e96f3ffb7bc3a0
SHA1

39b10e95929f33023aece6f30616fb1b571a408c
SHA256

6dc7958c9629efeb36015186d596e59c63eded5f9dac86291c96a2ff584453b8
SHA512

2e12d9b2385f1242e635826a53f4de012c70539adcd6a8d2565e35b827dcb2629da534ffc6f6017d496e7480a20abd26c7d168c5d3cafc45b33d41de07feb3a9
SSDEEP

1536:Bc58wvZv0kH9gDDtWzYCnJPeoYrGQt961b9/b11z:Bc58wl0Y9MDYrm7Gb9/n

Score

10^/10

metamorpherrat discovery persistence rat stealer trojan

Malware Config

Targets

- Target
  
  6dc7958c9629efeb36015186d596e59c63eded5f9dac86291c96a2ff584453b8N.exe
- Size
  
  78KB
- MD5
  
  a00d21a994deda2ad6e96f3ffb7bc3a0
- SHA1
  
  39b10e95929f33023aece6f30616fb1b571a408c
- SHA256
  
  6dc7958c9629efeb36015186d596e59c63eded5f9dac86291c96a2ff584453b8
- SHA512
  
  2e12d9b2385f1242e635826a53f4de012c70539adcd6a8d2565e35b827dcb2629da534ffc6f6017d496e7480a20abd26c7d168c5d3cafc45b33d41de07feb3a9
- SSDEEP
  
  1536:Bc58wvZv0kH9gDDtWzYCnJPeoYrGQt961b9/b11z:Bc58wl0Y9MDYrm7Gb9/n
Score

10^/10

metamorpherrat discovery persistence rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Metamorpherrat family
  metamorpherrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metamorpherratdiscoverypersistenceratstealertrojan

behavioral2

metamorpherratdiscoverypersistenceratstealertrojan