Perl510.dll

General
Target

Perl510.dll

Size

924KB

Sample

220521-sbkfradaek

Score
10 /10
MD5

dbf8b9ab8ae650d5b452240c0e9c90df

SHA1

1215872c6f7306d6ba14133eb706483f04445885

SHA256

9c7feb98fb5804f1f80dd03db1f84a06b68ea6043d2d34ab53edce82b83827b2

SHA512

f9ab16d7946f4dfab4abbe368d6863dbaa1e0c49b6b051ff44eecdf0053ee0d1204272b08ffc925d76335874ca1099ebebc84ba80be3aa9c9bd5e5007a62d3a9

Malware Config
Targets
Target

Perl510.dll

MD5

dbf8b9ab8ae650d5b452240c0e9c90df

Filesize

924KB

Score
10/10
SHA1

1215872c6f7306d6ba14133eb706483f04445885

SHA256

9c7feb98fb5804f1f80dd03db1f84a06b68ea6043d2d34ab53edce82b83827b2

SHA512

f9ab16d7946f4dfab4abbe368d6863dbaa1e0c49b6b051ff44eecdf0053ee0d1204272b08ffc925d76335874ca1099ebebc84ba80be3aa9c9bd5e5007a62d3a9

Tags

Signatures

  • FatalRat

    Description

    FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

    Tags

  • suricata: ET MALWARE FatalRAT CnC Activity

    Description

    suricata: ET MALWARE FatalRAT CnC Activity

    Tags

  • Fatal Rat Payload

  • Blocklisted process makes network request

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    behavioral2

                    3/10