fatalrat | ab6a39b8f6567f05c7f1929de047a9a5bd0dc4243e0c32b11c38856d9f5b991c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

ab6a39b8f6...1c.exe

windows7-x64

ab6a39b8f6...1c.exe

windows10-2004-x64

Sharing

General

Target

ab6a39b8f6567f05c7f1929de047a9a5bd0dc4243e0c32b11c38856d9f5b991c
Size

101KB
Sample

230803-k8kh1sce67
MD5

c24b15ddcf5f38b957e29cbb770513b6
SHA1

776d4d0ebaaa3ad42ca0bea26e55efe032d64922
SHA256

ab6a39b8f6567f05c7f1929de047a9a5bd0dc4243e0c32b11c38856d9f5b991c
SHA512

7dc315b2981d7b9bb61967541119c76a6ffec913c20093a2a0f94dcb52d7b49f087afe406549254ab969ec451bfa66158ce38ce16b33076d8fe0aba3d447b6b8
SSDEEP

1536:gt1DlqVQsb7O+qgC23pG8XIXNe6Mv5io63RG8jpkcF6YPxMsJPxj:ggrO+qh2pXye6MBN63RpjpZFBxMExj

Score

10^/10

fatalrat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

ab6a39b8f6567f05c7f1929de047a9a5bd0dc4243e0c32b11c38856d9f5b991c.exe

Resource

win7-20230712-en

fatalrat infostealer rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ab6a39b8f6567f05c7f1929de047a9a5bd0dc4243e0c32b11c38856d9f5b991c.exe

Resource

win10v2004-20230703-en

fatalrat infostealer rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  ab6a39b8f6567f05c7f1929de047a9a5bd0dc4243e0c32b11c38856d9f5b991c
- Size
  
  101KB
- MD5
  
  c24b15ddcf5f38b957e29cbb770513b6
- SHA1
  
  776d4d0ebaaa3ad42ca0bea26e55efe032d64922
- SHA256
  
  ab6a39b8f6567f05c7f1929de047a9a5bd0dc4243e0c32b11c38856d9f5b991c
- SHA512
  
  7dc315b2981d7b9bb61967541119c76a6ffec913c20093a2a0f94dcb52d7b49f087afe406549254ab969ec451bfa66158ce38ce16b33076d8fe0aba3d447b6b8
- SSDEEP
  
  1536:gt1DlqVQsb7O+qgC23pG8XIXNe6Mv5io63RG8jpkcF6YPxMsJPxj:ggrO+qh2pXye6MBN63RpjpZFBxMExj
Score

10^/10

fatalrat infostealer rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Blocklisted process makes network request
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fatalratinfostealerrat

behavioral2

fatalratinfostealerrat

© 2018-2025

Terms | Privacy