General

  • Target

    887cd6898d643f2d67d69dd80b2c9c1adf36c4eb91ccd455a504bc54efa4cb3d

  • Size

    37.5MB

  • Sample

    221030-tvvlhahgg5

  • MD5

    72ba2781e6ee0780c855845e8f981a46

  • SHA1

    5f59791e24ac8b007bfe58df473f73cc793dba5e

  • SHA256

    887cd6898d643f2d67d69dd80b2c9c1adf36c4eb91ccd455a504bc54efa4cb3d

  • SHA512

    85dfbe358b467eebd20574f7a0b35cd7257ebfd751b921768bac3ce8f044049f32e8801b46e828b4c33994994468b4c31b9dc3560b91f25ec132b13b307b2be9

  • SSDEEP

    786432:y9ZhxUMwYZ6QlkQpbMSFsJQU3AOhp/iX1hvj/1g1I/odi8Hnpq:yvjCYXlZMSFeACIdiS/odlH4

Targets

    • Target

      887cd6898d643f2d67d69dd80b2c9c1adf36c4eb91ccd455a504bc54efa4cb3d

    • FatalRat

      FatalRat is a modular infostealer family written in C++ that first appeared in June 2021.

    • Fatal Rat payload

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
