General
-
Target
8933cf5ca29e78a3c23f35f7b837efcf6f5f76d88c902ed08205b213165bd857
-
Size
4.5MB
-
Sample
230322-edjeksef84
-
MD5
d9554bbc5c3af0897cf964bfc05a25ee
-
SHA1
dc7d515a4c955d50b6f33672428435e7eecf68b6
-
SHA256
8933cf5ca29e78a3c23f35f7b837efcf6f5f76d88c902ed08205b213165bd857
-
SHA512
563fed4d113e721c337f8708f380bbe09fe29b70d16e5a32c478d26433a0a93ff49d9d832cb209d5312316cbdfd9de7cf666275ba0aae9f8d8de75624a7e8708
-
SSDEEP
98304:J+pInoZjT50eNzIWXNYrDPARZ2L7h2XvkKjTPeLcDvt6mUE7iaLGtBHCql+jWh7g:oGU+eN1NIDY/Y3KjTeCV6m9/LGFl+
Malware Config
Targets
-
-
Target
8933cf5ca29e78a3c23f35f7b837efcf6f5f76d88c902ed08205b213165bd857
-
Size
4.5MB
-
MD5
d9554bbc5c3af0897cf964bfc05a25ee
-
SHA1
dc7d515a4c955d50b6f33672428435e7eecf68b6
-
SHA256
8933cf5ca29e78a3c23f35f7b837efcf6f5f76d88c902ed08205b213165bd857
-
SHA512
563fed4d113e721c337f8708f380bbe09fe29b70d16e5a32c478d26433a0a93ff49d9d832cb209d5312316cbdfd9de7cf666275ba0aae9f8d8de75624a7e8708
-
SSDEEP
98304:J+pInoZjT50eNzIWXNYrDPARZ2L7h2XvkKjTPeLcDvt6mUE7iaLGtBHCql+jWh7g:oGU+eN1NIDY/Y3KjTeCV6m9/LGFl+
Score10/10-
FatalRat
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
-
Fatal Rat payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-