metamorpherrat | d4fc7c3a9fe1f35c2e5faf891c59fd7563f9930e0ed9005f5cd799f50198c339 | Triage

Sharing

General

Target

d4fc7c3a9fe1f35c2e5faf891c59fd7563f9930e0ed9005f5cd799f50198c339N.exe
Size

78KB
Sample

250225-aqdyeaxps8
MD5

00d113ce7bdfb4698243c40f6b50a780
SHA1

be2e4a103b305aca98206ed65b2ecc72a0aa1dc4
SHA256

d4fc7c3a9fe1f35c2e5faf891c59fd7563f9930e0ed9005f5cd799f50198c339
SHA512

c87725ae6d9ec7f935bd45857b15863ea17bb8e36514c0b337d1718a29d7243a7e2840f8177223d304f83cd2e67f1c92fa47f2aa74eabb0c3324b974486b0f23
SSDEEP

1536:kPWV5jqXT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQt96r9/w/13E:kPWV5jSSyRxvhTzXPvCbW2U09/wq

Score

10^/10

metamorpherrat discovery persistence rat stealer trojan

Malware Config

Targets

- Target
  
  d4fc7c3a9fe1f35c2e5faf891c59fd7563f9930e0ed9005f5cd799f50198c339N.exe
- Size
  
  78KB
- MD5
  
  00d113ce7bdfb4698243c40f6b50a780
- SHA1
  
  be2e4a103b305aca98206ed65b2ecc72a0aa1dc4
- SHA256
  
  d4fc7c3a9fe1f35c2e5faf891c59fd7563f9930e0ed9005f5cd799f50198c339
- SHA512
  
  c87725ae6d9ec7f935bd45857b15863ea17bb8e36514c0b337d1718a29d7243a7e2840f8177223d304f83cd2e67f1c92fa47f2aa74eabb0c3324b974486b0f23
- SSDEEP
  
  1536:kPWV5jqXT0XRhyRjVf3hTzdEzcEGvCZ1Hc5RPuoYciQt96r9/w/13E:kPWV5jSSyRxvhTzXPvCbW2U09/wq
Score

10^/10

metamorpherrat discovery persistence rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Metamorpherrat family
  metamorpherrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metamorpherratdiscoverypersistenceratstealertrojan

behavioral2

discoverypersistence