Overview

overview

10

Static

static

1

(电-子-�...��.exe

windows7-x64

10

(电-子-�...��.exe

windows10-2004-x64

10

Dekont,pdf.exe

windows7-x64

10

Dekont,pdf.exe

windows10-2004-x64

10

资金账�...��.exe

windows7-x64

10

资金账�...��.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-04-2023 08:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    资金账户对账单导出.exe

  • Size

    6.7MB

  • MD5

    3856a53ca2dca3c535746c194c7afb1d

  • SHA1

    89b3c74be1520a0932fed53e783212fe092641cc

  • SHA256

    7086ed025a5c4089495785a51fc9685e853e780eee24a1fefe695d486f0066a1

  • SHA512

    85d4b667f670deeb48d5d782965be8c7a06bb236d4db31373b93ec2379d78c6b67add6f88c0240d14bf91b8e728f167ebbf99299df1bb4be246eeebaa4e960c8

  • SSDEEP

    196608:LCj744gpV+cTnIknHCdzRFY4Mx53wOOj7Wl:LCjUfdbxnHcznY4M33TI

Score
10/10
fatalratinfostealerrat

Malware Config

Signatures

  • FatalRat

    FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

    infostealerratfatalrat
  • Fatal Rat payload 1 IoCs
    ratinfostealer
  • Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\资金账户对账单导出.exe
    "C:\Users\Admin\AppData\Local\Temp\资金账户对账单导出.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2100

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2100-133-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-134-0x000000007F540000-0x000000007F911000-memory.dmp
    Filesize

    3.8MB

    Download
  • memory/2100-135-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-136-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-137-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-138-0x0000000010000000-0x000000001002A000-memory.dmp
    Filesize

    168KB

    Download
  • memory/2100-143-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-144-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-145-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-146-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-147-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-148-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-149-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-150-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-151-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-152-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-153-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download
  • memory/2100-154-0x0000000000960000-0x0000000002327000-memory.dmp
    Filesize

    25.8MB

    Download