Overview

overview

10

Static

static

Firefox-x64.msi

windows7-x64

10

Firefox-x64.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Firefox-x64.7z

  • Size

    10.0MB

  • Sample

    230111-lbz3wafe9z

  • MD5

    88c46b0b3fc076d2b11719984b376abf

  • SHA1

    5174d438e43092def5b5fc48a6904a5126d2fd17

  • SHA256

    dc7e999dba2421927abe28c84d7eb3c4786af4d24bb41f7c366dff468f049224

  • SHA512

    552531347ec80c9c400a5cace5f5a2420ad30856b144d17d202d6ff1149efb2c25dbd32ba6864baea1fbd618d84baadb5aba4f355077f6e6be1eeb94b285a89b

  • SSDEEP

    196608:Tnboa7WhcgGHpFPtb4G5yYX9trAIP/xek5mu24tZxGDQSXeKMzV2u8koV3qq4:TnboeqcgGXtb/cYX7R/x4KtHL2Rk66n

Score
10/10
fatalratdiscoveryevasioninfostealerpersistenceratspywarestealertrojanupx

Malware Config

Targets

    • Target

      Firefox-x64.msi

    • Size

      12.4MB

    • MD5

      6f82946feb7b318a92433037313de23d

    • SHA1

      6dafc4b49c08c581ae8e4aabca49bec772f9d8a9

    • SHA256

      99d83bfa475c782f12fcff85a8c6afb61f6f00b393af65d62c33596628189fe2

    • SHA512

      54cdd857d86cac8962bc5463292d53deb1c572b3223a6e0a2cd29ff5d14f0f83c1698cf6d9b96ac3b8a9bc7b8f3457b91f433695eb271a1a85b250d2a3403812

    • SSDEEP

      393216:EELSNZON3MWsDspg80QQUCPpYgMYSpFLtXbY:EELGWsDwg80Q76YhhrY

    Score
    10/10
    fatalratdiscoveryevasioninfostealerratspywarestealertrojanupxpersistence

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

      infostealerratfatalrat

    • Fatal Rat payload

      ratinfostealer

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks