Overview

overview

10

Static

static

7

Rat/2345Capture.exe

windows7-x64

8

Rat/2345Capture.exe

windows10-2004-x64

10

Rat/Taskmg.exe

windows7-x64

10

Rat/Taskmg.exe

windows10-2004-x64

10

Rat/libcef.dll

windows7-x64

8

Rat/libcef.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Rat.rar

  • Size

    1.5MB

  • Sample

    230810-r8z22adf62

  • MD5

    da49f0cdf47f8082ce521900f54778c7

  • SHA1

    62f914f71abb4d2d7b02444ef984283bbb1f752e

  • SHA256

    317de7a10ace036e37d3a244516ca67eb674d458c33569c91c911c69481a518c

  • SHA512

    5350cadf5beebfdc3cdce6d52b848950b0c1035a7f030695eb66fc61e00b75fe921d0a7e31efc1480f2fbf1de53ee8b9a18f595b8a6908af851590eb310453c3

  • SSDEEP

    49152:SSig68PYeixt/zKZobbfI3tC+7ARHsgrn5PC0T:SSinDDzKqbzIdNeCQ

Score
10/10
fatalrataspackv2infostealerrat

Malware Config

Targets

    • Target

      Rat/2345Capture.exe

    • Size

      236KB

    • MD5

      bebcd675fed7940179932dd5aa63b61c

    • SHA1

      bace66cdc1a67a7b32bd7fdd882f2781b9dac672

    • SHA256

      c04e31d99459edf3a093e49d163f2f650ba789a1b3c6c7c98f26af14909615b2

    • SHA512

      d50ece5d75d0aefe741c35874817972a73bc642d33a5a4074a07ab57bbcbaf76a0c3d2e42be2ae0f3ddf59957197019619bf61746818473eb26f22757d8a434d

    • SSDEEP

      6144:pGgyduw1wqkQ5Qc3yHnFjBq0EAkYIkRHXkYIkRH:p4jZkQCieFpzxHXxH

    Score
    10/10
    aspackv2fatalratinfostealerrat

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

      infostealerratfatalrat

    • Fatal Rat payload

      ratinfostealer

    • Downloads MZ/PE file

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      Rat/Taskmg.exe

    • Size

      2.0MB

    • MD5

      a341b3a7990a811f0666bc0bedefb1dd

    • SHA1

      647b053c5308b18b9202c6133b9c85c72b611760

    • SHA256

      e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1

    • SHA512

      9860c5bc63097c3cbfd52eb26528750eb7925488218781c55cb4244fe4a426c5c05c193b16a5ac2624dd708cfe2265d84ef864e47a3fa1c9682139b5e011da73

    • SSDEEP

      49152:ZDPHyxkEDRNyxB69FeHkYij8jdphkygcsTuGhthoXsxZZ:ZD/mBDRNgyFeHkYiYpphkygcsTdthoX0

    Score
    10/10
    fatalratinfostealerrat

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

      infostealerratfatalrat

    • Fatal Rat payload

      ratinfostealer

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral3behavioral4

    • Target

      Rat/libcef.dll

    • Size

      795KB

    • MD5

      1367469d2e42b0d2d3d33d65c0f99a06

    • SHA1

      5d177af01e5a7c5b1c0920296c7c411a0bfef2d0

    • SHA256

      220533caffc31750c9e7d8226eca3d05c525df59fc81093c175001a0c2e68fb5

    • SHA512

      5bb1590dbe4b72c3bbacb00c48a4495f8ddd9276630c01019cfca86c65eff6f2daebc0c8f243230831d639be14bcef14cc77b8785017dcbbc7d769f457f8005d

    • SSDEEP

      12288:8VbGGQ7NoRFNsqejyVP79uM9jaU1fzjuWu5tYXxPSUu0oe8RrOb0EoA:8Z25onNjZDjagzqRM8TdA

    Score
    10/10
    fatalratinfostealerrat

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

      infostealerratfatalrat

    • Fatal Rat payload

      ratinfostealer

    • Blocklisted process makes network request

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks