General
-
Target
bb4985dd9ac7d1165ea3efa792353e2131226de3d726e1197c83272fb46d8c88
-
Size
955KB
-
Sample
230915-qygx2acb7w
-
MD5
43300528f352509302e289669403ded9
-
SHA1
a6644b5bed8ec405af2e0fc2a2dec86acffa4da3
-
SHA256
bb4985dd9ac7d1165ea3efa792353e2131226de3d726e1197c83272fb46d8c88
-
SHA512
3573586ac4fbc1114a17395d046843d9e31fa5005fee4bc2c9041f03281dc05858b9c93d4728135a91902f5f3d4bbc499c5a7c806e73ddce82397942eaee5562
-
SSDEEP
24576:ZnRoUWPkfjHFMlfph5qXxtw7AWYGQMJG1hVMgjBS6Z2sj8J6mOo4fL:ZmbkjH2vgh8joh7jBS6Z2084TooL
Malware Config
Targets
-
-
Target
bb4985dd9ac7d1165ea3efa792353e2131226de3d726e1197c83272fb46d8c88
-
Size
955KB
-
MD5
43300528f352509302e289669403ded9
-
SHA1
a6644b5bed8ec405af2e0fc2a2dec86acffa4da3
-
SHA256
bb4985dd9ac7d1165ea3efa792353e2131226de3d726e1197c83272fb46d8c88
-
SHA512
3573586ac4fbc1114a17395d046843d9e31fa5005fee4bc2c9041f03281dc05858b9c93d4728135a91902f5f3d4bbc499c5a7c806e73ddce82397942eaee5562
-
SSDEEP
24576:ZnRoUWPkfjHFMlfph5qXxtw7AWYGQMJG1hVMgjBS6Z2sj8J6mOo4fL:ZmbkjH2vgh8joh7jBS6Z2084TooL
Score10/10-
FatalRat
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Fatal Rat payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-