fatalrat | 9e516f58cc07569bd166ebd8688ca613e877215fc83a3d9ce0c0a765d295ca46 | Triage

Submit
Reports

Overview

overview

Static

static

3

ths_lhce56.X64.exe

windows7-x64

8

ths_lhce56.X64.exe

windows10-1703-x64

7

ths_lhce56.X64.exe

windows10-2004-x64

Sharing

General

Target

ths_lhce56.X64.exe
Size

41.8MB
Sample

230822-smxkfsee6z
MD5

cc287f6bf940bc8b77cd20facc011943
SHA1

837786b139a785894d4390c10fa4693b69c93e91
SHA256

9e516f58cc07569bd166ebd8688ca613e877215fc83a3d9ce0c0a765d295ca46
SHA512

12baf4c9d2c2efaaf3c838033ce28b705c664718d2ad30fc7812ff6bd8e8a41eb88ef7bf125e2927225912d97c3a7d196d33a8d34004be995622a75af79656d9
SSDEEP

786432:9KTs0hBwd++d/URZtmaDhTM67840M+J5JwBSPEzUuhuhrsbFpbsynA:9UphBD+NURbmaNM67+RJ5JzXnYxlA

Score

10^/10

fatalrat infostealer persistence rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ths_lhce56.X64.exe

Resource

win7-20230712-en

windows7-x64

15 signatures

300 seconds

Behavioral task

behavioral2

Sample

ths_lhce56.X64.exe

Resource

win10-20230703-en

windows10-1703-x64

14 signatures

300 seconds

Behavioral task

behavioral3

Sample

ths_lhce56.X64.exe

Resource

win10v2004-20230703-en

fatalrat infostealer persistence rat upx

windows10-2004-x64

20 signatures

300 seconds

Malware Config

Targets

- Target
  
  ths_lhce56.X64.exe
- Size
  
  41.8MB
- MD5
  
  cc287f6bf940bc8b77cd20facc011943
- SHA1
  
  837786b139a785894d4390c10fa4693b69c93e91
- SHA256
  
  9e516f58cc07569bd166ebd8688ca613e877215fc83a3d9ce0c0a765d295ca46
- SHA512
  
  12baf4c9d2c2efaaf3c838033ce28b705c664718d2ad30fc7812ff6bd8e8a41eb88ef7bf125e2927225912d97c3a7d196d33a8d34004be995622a75af79656d9
- SSDEEP
  
  786432:9KTs0hBwd++d/URZtmaDhTM67840M+J5JwBSPEzUuhuhrsbFpbsynA:9UphBD+NURbmaNM67+RJ5JzXnYxlA
Score

10^/10

upx fatalrat infostealer persistence rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

fatalratinfostealerpersistenceratupx

© 2018-2024

Terms | Privacy