fatalrat | d7db19fcb61b5c3e56599811267596aef42329b5e810add8f951ee83fb9e6a8a | Triage

Submit
Reports

Overview

overview

Static

static

7

d7db19fcb6...8a.exe

windows7-x64

d7db19fcb6...8a.exe

windows10-2004-x64

Sharing

General

Target

d7db19fcb61b5c3e56599811267596aef42329b5e810add8f951ee83fb9e6a8a
Size

3.8MB
Sample

230426-egycxagh6t
MD5

1403d83286f96225ec94af9735753c41
SHA1

709eb9b06a29f6f8c4fa72995a7e6e1549e00c99
SHA256

d7db19fcb61b5c3e56599811267596aef42329b5e810add8f951ee83fb9e6a8a
SHA512

dc7b705c28e38a7373f61e6d281841b1e7d6dfd41a8bc1633a267b829ff959698dbe48e4e9a7b18b5b5a09b3f9d8689fe08df9388bbc6fff9ced1a211b0fe19d
SSDEEP

98304:c6g6GZTM3J6FHXrXd2OVWivISyjL2YH7Ol7BNXPCaDXaQtY8HPwur:c6g6GZTM3J6xrXZs+yjL3OlN9qaj9tYI

Score

10^/10

fatalrat infostealer rat vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d7db19fcb61b5c3e56599811267596aef42329b5e810add8f951ee83fb9e6a8a.exe

Resource

win7-20230220-en

fatalrat infostealer rat vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

d7db19fcb61b5c3e56599811267596aef42329b5e810add8f951ee83fb9e6a8a.exe

Resource

win10v2004-20230220-en

fatalrat infostealer rat vmprotect

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  d7db19fcb61b5c3e56599811267596aef42329b5e810add8f951ee83fb9e6a8a
- Size
  
  3.8MB
- MD5
  
  1403d83286f96225ec94af9735753c41
- SHA1
  
  709eb9b06a29f6f8c4fa72995a7e6e1549e00c99
- SHA256
  
  d7db19fcb61b5c3e56599811267596aef42329b5e810add8f951ee83fb9e6a8a
- SHA512
  
  dc7b705c28e38a7373f61e6d281841b1e7d6dfd41a8bc1633a267b829ff959698dbe48e4e9a7b18b5b5a09b3f9d8689fe08df9388bbc6fff9ced1a211b0fe19d
- SSDEEP
  
  98304:c6g6GZTM3J6FHXrXd2OVWivISyjL2YH7Ol7BNXPCaDXaQtY8HPwur:c6g6GZTM3J6xrXZs+yjL3OlN9qaj9tYI
Score

10^/10

fatalrat infostealer rat vmprotect
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratinfostealerratvmprotect

behavioral2

fatalratinfostealerratvmprotect

© 2018-2025

Terms | Privacy