General

  • Target

    5ef16e3f29ce0583fa11b5f65dba85436bb982cfd2af91bc56bb749d7a49b303N.exe

  • Size

    78KB

  • Sample

    250205-cbs5wsvngl

  • MD5

    8d3721144f7549df779020586ad65850

  • SHA1

    3a8dbf3f448d419bedcd098b6bb9e1e1a5566e48

  • SHA256

    5ef16e3f29ce0583fa11b5f65dba85436bb982cfd2af91bc56bb749d7a49b303

  • SHA512

    18de0aa764229468fad3e2af7508024da5ff9170fe1b20a2242e18d3e5e17900905046a4b274976c30015885d0dfd6cd9aa9122f8e49181a85d6710d7c12f4b5

  • SSDEEP

    1536:LRy5jJLT8hn2Ep7WzPdVj6Ju8B3AZ242UdIAkD4x3HT4hPVoYdVQti6G9/C1BU:LRy5jhE2EwR4uY41HyvYO9/l

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Metamorpherrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
