General

  • Target

    1224ffbca592bf647ce27559e827497a6eaf7c7247f8ac4cd9d3523b08a599a2

  • Size

    78KB

  • Sample

    250214-absg9axmen

  • MD5

    7fdcc3007e44d2843dfc7427df94fe23

  • SHA1

    78c9c85dd9c41c8fc20512af7ad403ab63f3e99d

  • SHA256

    1224ffbca592bf647ce27559e827497a6eaf7c7247f8ac4cd9d3523b08a599a2

  • SHA512

    08d7e8bc9f6560d1daba1552419ab53a9d9846af4cc3f5d59543565a39077e03f97ec6b9b94caf81eb825cda7177142321a56448da59503a682f91f21dd91e7a

  • SSDEEP

    1536:7RCHFo6638dy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQt/a9/s1Wa:7RCHFo53Ln7N041Qqhg/a9/g

Targets

    • MetamorpherRAT

      MetamorpherRAT is a hacking tool that has been around since 2013.

    • Metamorpherrat family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application
