General
-
Target
12b2eea0b70ac72b28576602a3a73a7a6a5e194b2b77d470f311675d3ea0407aN.exe
-
Size
78KB
-
Sample
250215-yqlv1ssjgs
-
MD5
9460011b1ecf577107187844257003d0
-
SHA1
4f4359ba3adf88379408d65ae2a6df8af61385a5
-
SHA256
12b2eea0b70ac72b28576602a3a73a7a6a5e194b2b77d470f311675d3ea0407a
-
SHA512
24b39278f066f740695b537051ac1a9fb249617ec8ba35f373426bfd73d7191cf4ed56c2c5030c6d189ca67859df40a2667aba3db4d141aea59734f188b37e1a
-
SSDEEP
1536:ARCHFo6638dy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQt/D9/21aG:ARCHFo53Ln7N041Qqhg/D9/2
Malware Config
Targets
-
-
Target
12b2eea0b70ac72b28576602a3a73a7a6a5e194b2b77d470f311675d3ea0407aN.exe
-
Size
78KB
-
MD5
9460011b1ecf577107187844257003d0
-
SHA1
4f4359ba3adf88379408d65ae2a6df8af61385a5
-
SHA256
12b2eea0b70ac72b28576602a3a73a7a6a5e194b2b77d470f311675d3ea0407a
-
SHA512
24b39278f066f740695b537051ac1a9fb249617ec8ba35f373426bfd73d7191cf4ed56c2c5030c6d189ca67859df40a2667aba3db4d141aea59734f188b37e1a
-
SSDEEP
1536:ARCHFo6638dy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQt/D9/21aG:ARCHFo53Ln7N041Qqhg/D9/2
Score10/10-
MetamorpherRAT
Metamorpherrat is a hacking tool that has been around for a while since 2013.
-
Metamorpherrat family
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1