Overview

overview

10

Static

static

3

u9.exe

windows7-x64

8

u9.exe

windows10-1703-x64

10

u9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    u9.exe

  • Size

    4.5MB

  • Sample

    230806-g8zfdsgc25

  • MD5

    92bd14c4a22b2aed0fe832f2b1174af0

  • SHA1

    f08d2d2e6a6ffc92a7133d0ceaf01963cfaebe86

  • SHA256

    7107606074d34bfb3d9a659b21bf84e55692b810b8e7d60c677b86b6477fdd7a

  • SHA512

    bbc16c3595cf20a6aec3811975d8ae4121220f4549456dca9a4cc03e0d13131139736fa669d0dd941052f0cee25cf7d6d251e5cc61e34a22e712b19751c68b6a

  • SSDEEP

    98304:sJizlahPkloq0/nubwpJPYSeHrNYgLVBwsrX:sJiQIoq+ubwpxANYs0sr

Score
10/10
fatalratinfostealerpersistencerat

Malware Config

Targets

    • Target

      u9.exe

    • Size

      4.5MB

    • MD5

      92bd14c4a22b2aed0fe832f2b1174af0

    • SHA1

      f08d2d2e6a6ffc92a7133d0ceaf01963cfaebe86

    • SHA256

      7107606074d34bfb3d9a659b21bf84e55692b810b8e7d60c677b86b6477fdd7a

    • SHA512

      bbc16c3595cf20a6aec3811975d8ae4121220f4549456dca9a4cc03e0d13131139736fa669d0dd941052f0cee25cf7d6d251e5cc61e34a22e712b19751c68b6a

    • SSDEEP

      98304:sJizlahPkloq0/nubwpJPYSeHrNYgLVBwsrX:sJiQIoq+ubwpxANYs0sr

    Score
    10/10
    fatalratinfostealerpersistencerat

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

      infostealerratfatalrat

    • Fatal Rat payload

      ratinfostealer

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks