fatalrat | JC_b03028acf3fa7be8b588c8e208c3b9bf3c63ecf3f4708e2a16856303218fbf7c

Sharing

Copy URL

Twitter E-mail

General

Target

JC_b03028acf3fa7be8b588c8e208c3b9bf3c63ecf3f4708e2a16856303218fbf7c
Size

744KB
MD5

117ce5a0f0f4eaed6fdf148fde2c2f0c
SHA1

3d9a0dfeb2e75a97fefc40b14b4c1eebda4c043d
SHA256

b03028acf3fa7be8b588c8e208c3b9bf3c63ecf3f4708e2a16856303218fbf7c
SHA512

8b713bfc842a58d61b9be30b9e9bfd0abe7e6d752b2941d553ef45d2bdd180e290f16d8fb8bef34d0036da78bab7574ddf201b71651a2eae0224233075b2021a
SSDEEP

12288:UtowhNf/ZpdS7B6HAZQ1xJQA+XBiEKJINctTKNdvxQZbxqLzCvnBB:UxpdS77BiEKJztTKNxqEHCvv

Score

10^/10

rat infostealer fatalrat

Malware Config

Signatures

Fatal Rat payload 1 IoCs

rat infostealer

resource	yara_rule
sample	fatalrat

Fatalrat family
fatalrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JC_b03028acf3fa7be8b588c8e208c3b9bf3c63ecf3f4708e2a16856303218fbf7c

Files

JC_b03028acf3fa7be8b588c8e208c3b9bf3c63ecf3f4708e2a16856303218fbf7c
.exe windows x86

43ef0b9bf881cbb0b5fbc1d735d69539

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
TerminateProcess
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalAlloc
GetACP
HeapFree
HeapAlloc
GetLocalTime
GetSystemTime
GetProfileStringA
GetTimeZoneInformation
RaiseException
GetCommandLineA
GetStartupInfoA
RtlUnwind
GetFileTime
GetFileSize
GetFileAttributesA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetThreadLocale
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SizeofResource
GlobalFlags
GetLastError
MulDiv
SetLastError
GetTickCount
CloseHandle
GlobalAlloc
lstrcmpA
GetCurrentThread
lstrcpynA
LocalFree
GetModuleFileNameA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GlobalFree
LockResource
FindResourceA
LoadResource
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
WideCharToMultiByte
GlobalLock
GlobalUnlock
MultiByteToWideChar
WinExec
ExitProcess
LoadLibraryA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
FormatMessageA
lstrlenA
VirtualAlloc

user32

InvalidateRect
CharNextA
PostThreadMessageA
DestroyIcon
GetSysColorBrush
LoadCursorA
InflateRect
GetDesktopWindow
PtInRect
GetClassNameA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
DestroyMenu
LoadStringA
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
SetCursor
wvsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
MoveWindow
SetWindowTextA
IsDialogMessageA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
SetRect
IsWindowVisible
SendMessageA
GetWindowRect
wsprintfA
EnableWindow
LoadIconA
AppendMenuA
HideCaret
ShowCaret
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
CharUpperA
MessageBeep
ShowWindow
GetNextDlgGroupItem
GetDlgCtrlID
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
GetWindowTextA
GetWindowTextLengthA
IsWindowEnabled
GetDlgItem
GetWindowLongA
GetParent
DestroyWindow
CreateDialogIndirectParamA
IsWindow
SetActiveWindow
GetActiveWindow
EndDialog
GetNextDlgTabItem
ReleaseDC
GetDC
CopyRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetWindow
SetForegroundWindow
GetForegroundWindow
ScreenToClient
CopyAcceleratorTableA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
PostQuitMessage

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
DeleteObject
PatBlt
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

shell32

ExtractIconA

comctl32

ImageList_Destroy
ord17

oledlg

ord8

ole32

CoRegisterMessageFilter
CoDisconnectObject
StringFromCLSID
CoGetClassObject
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
OleRun
OleFlushClipboard
OleIsCurrentClipboard
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree

olepro32

ord253

oleaut32

VariantClear
VariantCopy
VariantInit
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysAllocString
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayPutElement
SysAllocStringLen
SysStringLen
LoadTypeLi
VariantTimeToSystemTime
GetErrorInfo

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43ef0b9bf881cbb0b5fbc1d735d69539

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 228KB - Virtual size: 227KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 172KB - Virtual size: 188KB

.rsrc Size: 284KB - Virtual size: 281KB

.text
Size: 228KB - Virtual size: 227KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 172KB - Virtual size: 188KB

.rsrc
Size: 284KB - Virtual size: 281KB