fatalrat | 0c5bea87cacbd48980e91d9b70eea4e89a9436e3efbb3487cd9243887d73cddd | Triage

Submit
Reports

Overview

overview

Static

static

1

电报中�...up.msi

windows7-x64

电报中�...up.msi

windows10-2004-x64

Sharing

General

Target

电报中文-Setup.rar
Size

36.7MB
Sample

230405-ny1c9sgd61
MD5

33ebcbaacf55ab1b2e9768cbd3ce86bc
SHA1

c2d2a7832299aa17ac478e71465c0d5a5c677bd8
SHA256

0c5bea87cacbd48980e91d9b70eea4e89a9436e3efbb3487cd9243887d73cddd
SHA512

a7b6a12cafca8928863c26105d66c3b403e09242ae1dd3317a61d57380aaacb54e359e3808447561cb68fcf00d690a7c7cd4bc78de9fb2b5218f5d68a48c6941
SSDEEP

786432:acV9dpTr89AsceRk1LFHToPZqpr9teLfSu3Rg:aodB8fc95H0PY9teLfVa

Score

10^/10

fatalrat discovery infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

电报中文-Setup/电报中文-Setup.msi

Resource

win7-20230220-en

fatalrat discovery infostealer rat

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

电报中文-Setup/电报中文-Setup.msi

Resource

win10v2004-20230221-en

fatalrat discovery infostealer rat

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  电报中文-Setup/电报中文-Setup.msi
- Size
  
  39.1MB
- MD5
  
  32e5e82ad43496d9d008a56dc4c3bd2e
- SHA1
  
  fd1427fdebeefa57a67dc9144260d6ddb973c020
- SHA256
  
  9a99fe10206bf68fe6f6cfecb33a84f561ff9c6d4e301375995dddb0877901d6
- SHA512
  
  0285c65819107dc070044b5341fd5715ed5b5e69950195c856f9d3f756ea65ae154612606c9f00aa6700a4ff8df20d69504f67abf41e579151552197f4fe043e
- SSDEEP
  
  786432:sELWxpnW4goBOWB+SDFogpevseZCKN3XYVB/tLJ/+Fcrk5sEZpVcvGs:sEQRcoRBJogpKCSGFEerk5nZpVAGs
Score

10^/10

fatalrat discovery infostealer rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratdiscoveryinfostealerrat

behavioral2

fatalratdiscoveryinfostealerrat

© 2018-2025

Terms | Privacy