General
-
Target
tdesk_桌面端App Store.msi
-
Size
160.6MB
-
Sample
230803-k52ccsce56
-
MD5
0da7a13aca8c114dde4c45474e638a84
-
SHA1
285f1400bf8337a50297835a4771bbe994dd0c02
-
SHA256
ed0f0e60de86f1cd6adfdf435c65ad0253187e645de7255abb0a926f722470f7
-
SHA512
39b22caf9a7c72deaf69eaf9d536461df22362296862fb4f4b80b51e39a9579936e9850865de87788c9d8c42dbe9811b5ce93a5b3aff96caf02bf0e7a975efb8
-
SSDEEP
3145728:DDbD8Na5QkjrDpgCbheTWyGYsl2cH5+3StNEkt8KFMOBFilcg5hYiHa8+8Vo6:jDuaWsPp/tIGYsl2S+3StNAKlsLhZz+K
Static task
static1
Behavioral task
behavioral1
Sample
tdesk_桌面端App Store.msi
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
tdesk_桌面端App Store.msi
Resource
win10v2004-20230703-en
Malware Config
Targets
-
Target
tdesk_桌面端App Store.msi
-
Score
10/10
-
FatalRat
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
-
Fatal Rat payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-