metamorpherrat | 1e70f7f27e0bd9561eba3865ef79ab285b428d5ee11897e71b1c0fb8321cdfe4 | Triage

Sharing

General

Target

1e70f7f27e0bd9561eba3865ef79ab285b428d5ee11897e71b1c0fb8321cdfe4
Size

78KB
Sample

250321-xypq7szqz6
MD5

2a21da074f16697437f40b59fc876ecc
SHA1

865380c43639748c3ae8cb7fd6ccca277a5cc7bc
SHA256

1e70f7f27e0bd9561eba3865ef79ab285b428d5ee11897e71b1c0fb8321cdfe4
SHA512

e2a42afca1764b1b1d08a7596d92024b8c5abdebbac186bfd9a039825ecd087a022a7ab7276d7622da1a36dae2d384cdcfbb0849873e6bf3d4ad62b89588c9eb
SSDEEP

1536:Uy5Ndy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtC6z9/Pp1kP:Uy5Yn7N041Qqhg79/W

Score

10^/10

metamorpherrat discovery persistence rat stealer trojan

Malware Config

Targets

- Target
  
  1e70f7f27e0bd9561eba3865ef79ab285b428d5ee11897e71b1c0fb8321cdfe4
- Size
  
  78KB
- MD5
  
  2a21da074f16697437f40b59fc876ecc
- SHA1
  
  865380c43639748c3ae8cb7fd6ccca277a5cc7bc
- SHA256
  
  1e70f7f27e0bd9561eba3865ef79ab285b428d5ee11897e71b1c0fb8321cdfe4
- SHA512
  
  e2a42afca1764b1b1d08a7596d92024b8c5abdebbac186bfd9a039825ecd087a022a7ab7276d7622da1a36dae2d384cdcfbb0849873e6bf3d4ad62b89588c9eb
- SSDEEP
  
  1536:Uy5Ndy0MochZDsC8Kl/99Z242UdIAkn3jKZPjoYaoQtC6z9/Pp1kP:Uy5Yn7N041Qqhg79/W
Score

10^/10

metamorpherrat discovery persistence rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Metamorpherrat family
  metamorpherrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metamorpherratdiscoverypersistenceratstealertrojan

behavioral2

metamorpherratdiscoverypersistenceratstealertrojan