fatalrat

General

Target

110da8673eb291da57172ccac873ff42efb62e2f423104dc45571ff30691fcc1
Size

939KB
Sample

230904-2zxknabg6v
MD5

bec9b4e7943863ac7cd194c47ff11157
SHA1

6ca1a0f4ba363e20994a01b5db1cd4d4a76bba99
SHA256

110da8673eb291da57172ccac873ff42efb62e2f423104dc45571ff30691fcc1
SHA512

e057e1e3289e3d6effbfb2b51efa22401d51ce3506e8eaa2abb26d130297bffe3229dc34dfbe22269585f0245a6f85ab021b171206e7afac97cde49f004a0f8f
SSDEEP

24576:hs3rdwVbrcTtED4wcEDzHMC4ITeo8blsd9MPbYhwCDwg7UBzMzd:e3r88Tmk4PsvC8BsdsbA7UZMzd

Score

10^/10

Malware Config

Targets

- Target
  
  110da8673eb291da57172ccac873ff42efb62e2f423104dc45571ff30691fcc1
- Size
  
  939KB
- MD5
  
  bec9b4e7943863ac7cd194c47ff11157
- SHA1
  
  6ca1a0f4ba363e20994a01b5db1cd4d4a76bba99
- SHA256
  
  110da8673eb291da57172ccac873ff42efb62e2f423104dc45571ff30691fcc1
- SHA512
  
  e057e1e3289e3d6effbfb2b51efa22401d51ce3506e8eaa2abb26d130297bffe3229dc34dfbe22269585f0245a6f85ab021b171206e7afac97cde49f004a0f8f
- SSDEEP
  
  24576:hs3rdwVbrcTtED4wcEDzHMC4ITeo8blsd9MPbYhwCDwg7UBzMzd:e3r88Tmk4PsvC8BsdsbA7UZMzd
Score

10^/10

fatalrat evasion infostealer rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2

T1497

Credential Access

Discovery

Query Registry

4

T1012

System Information Discovery

3

T1082

Virtualization/Sandbox Evasion

2

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Fatal Rat payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks computer location settings

Executes dropped EXE

Identifies Wine through registry keys

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2