General

  • Target

    TGx-64.msi

  • Size

    62.7MB

  • Sample

    230810-m1jb4aea2s

  • MD5

    fedb9eec7ef2182d987e50e0cdb3f151

  • SHA1

    91b8664b7085e2b60940c6bc5ae5630bfbf6e3aa

  • SHA256

    05f367011689dd5ca1be21e664d913dff20e0dbe00b641f1adbf7bcd587d3a6c

  • SHA512

    1c4cb11d9b36856acf712320aa7fcb1901df1eb7d744d955d9e8e1e076d8d97c7305ab52bb8e3f325effe711e90567e9ab8a5442f2ad48027ef05b2f5403175f

  • SSDEEP

    1572864:SoIyrnjPdtftg59WqNxg+8HTe4VEsUVt99Yxuh2tVqh5/CMFz:qunbbtg59WnxHBgV/96uhKI/pFz

Targets

    • FatalRat

      FatalRat is a modular infostealer family written in C++, first appearing in June 2021.

    • Fatal Rat payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15