fatalrat

General

Target

5c96016a468b97f80583b04b4d72d5f73576f7bbb9227c24612019377b8b0623
Size

960KB
Sample

230904-2ln2cscb57
MD5

1a173f8fb5505e4b41a4dac9f3cb638a
SHA1

965f6d7d70e00b1f8050b3f3e1b59c5e2a437558
SHA256

5c96016a468b97f80583b04b4d72d5f73576f7bbb9227c24612019377b8b0623
SHA512

aaff59cd2e3c0c5af75a59836b9a94fa6b9a6eaee2a04b36a4825b393d4eafed12c0dfd9639978d80e6a59b3d557560f39e2bdacc60dbf0a7df4885cc3052ea5
SSDEEP

24576:r9POTuyNVxSnULWgUO7BLvceXHphatxFCuG:r9PkumOULWgHBbhJgtxFm

Score

10^/10

Malware Config

Targets

- Target
  
  5c96016a468b97f80583b04b4d72d5f73576f7bbb9227c24612019377b8b0623
- Size
  
  960KB
- MD5
  
  1a173f8fb5505e4b41a4dac9f3cb638a
- SHA1
  
  965f6d7d70e00b1f8050b3f3e1b59c5e2a437558
- SHA256
  
  5c96016a468b97f80583b04b4d72d5f73576f7bbb9227c24612019377b8b0623
- SHA512
  
  aaff59cd2e3c0c5af75a59836b9a94fa6b9a6eaee2a04b36a4825b393d4eafed12c0dfd9639978d80e6a59b3d557560f39e2bdacc60dbf0a7df4885cc3052ea5
- SSDEEP
  
  24576:r9POTuyNVxSnULWgUO7BLvceXHphatxFCuG:r9PkumOULWgHBbhJgtxFm
Score

10^/10

fatalrat evasion infostealer rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2

T1497

Credential Access

Discovery

Query Registry

4

T1012

System Information Discovery

3

T1082

Virtualization/Sandbox Evasion

2

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Fatal Rat payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks computer location settings

Executes dropped EXE

Identifies Wine through registry keys

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2