Overview

overview

10

Static

static

EduCefWarper.dll

windows7_x64

10

EduCefWarper.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EduCefWarper.dll

  • Size

    1.1MB

  • Sample

    220521-n456pshgej

  • MD5

    55c32cb9a881b49bcc0d1b36868a3e98

  • SHA1

    e0d623b55e5e307540d05a55fadc323d9615d3b2

  • SHA256

    8795836a86dc61f9fe1d4b3f798ebf3a4c1900ddac2f207f4d1f46e87b85850f

  • SHA512

    dba66ec3002d7f08bc17c63b34028775d5d9dde7c0c3cd0778e120aba0a273ed130924954a23fcdbbcac4c10c76c991712895ff971979a9a865632bb659e0414

Score
10/10
fatalratinfostealerpersistenceratsuricata

Malware Config

Targets

    • Target

      EduCefWarper.dll

    • Size

      1.1MB

    • MD5

      55c32cb9a881b49bcc0d1b36868a3e98

    • SHA1

      e0d623b55e5e307540d05a55fadc323d9615d3b2

    • SHA256

      8795836a86dc61f9fe1d4b3f798ebf3a4c1900ddac2f207f4d1f46e87b85850f

    • SHA512

      dba66ec3002d7f08bc17c63b34028775d5d9dde7c0c3cd0778e120aba0a273ed130924954a23fcdbbcac4c10c76c991712895ff971979a9a865632bb659e0414

    Score
    10/10
    persistencesuricatafatalratinfostealerrat

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

      infostealerratfatalrat

    • suricata: ET MALWARE FatalRAT CnC Activity

      suricata: ET MALWARE FatalRAT CnC Activity

      suricata

    • Fatal Rat Payload

      ratinfostealer

    • Executes dropped EXE

    • Sets service image path in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks