Description
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
Perl510.dll
General
Target
Size
Sample
Perl510.dll
924KB
220521-sbkfradaek
Score
10 /10
MD5
SHA1
SHA256
SHA512
dbf8b9ab8ae650d5b452240c0e9c90df
1215872c6f7306d6ba14133eb706483f04445885
9c7feb98fb5804f1f80dd03db1f84a06b68ea6043d2d34ab53edce82b83827b2
f9ab16d7946f4dfab4abbe368d6863dbaa1e0c49b6b051ff44eecdf0053ee0d1204272b08ffc925d76335874ca1099ebebc84ba80be3aa9c9bd5e5007a62d3a9
Malware Config
Targets
Target
MD5
Filesize
Perl510.dll
dbf8b9ab8ae650d5b452240c0e9c90df
924KB
Score
10/10
SHA1
SHA256
SHA512
1215872c6f7306d6ba14133eb706483f04445885
9c7feb98fb5804f1f80dd03db1f84a06b68ea6043d2d34ab53edce82b83827b2
f9ab16d7946f4dfab4abbe368d6863dbaa1e0c49b6b051ff44eecdf0053ee0d1204272b08ffc925d76335874ca1099ebebc84ba80be3aa9c9bd5e5007a62d3a9
Tags
Signatures
-
FatalRat
-
suricata: ET MALWARE FatalRAT CnC Activity
Description
suricata: ET MALWARE FatalRAT CnC Activity
Tags
-
Fatal Rat Payload
Tags
-
Blocklisted process makes network request
-
Adds Run key to start application
Tags
TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks