General

  • Target

    1

  • Size

    4.5MB

  • Sample

    230325-gpz8ksbd73

  • MD5

    e13305b34dca2550e9cf16d102b9fd69

  • SHA1

    f79684a15bec40a154585caa83c7a030043ea570

  • SHA256

    ba3c0e098d9f3007c8ac221344fcc2c2499eeb4e954392a853290b532dc75f81

  • SHA512

    7bec907099012a4561e0ccd61b38caf4e68953b5d453948a1d9548e19029051ac5489a92a3915e520fd14e6bb5764e378aae3026d35f4ae14ba183f17d1ceade

  • SSDEEP

    98304:8ms2Ppr55vJvBh/xpnNQAfbU9I285Uf4yfJrDjdn+B8by:HsMprp7xhNQAfbU9I2AUf4aDjJ+b

Malware Config

Targets

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

    • Fatal Rat payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 3

Tasks