fatalrat | 27d7ca6b9c3a88a89809c12dbc29374af3a33adace5b4c312d9fd21e280e7fc2 | Triage

Submit
Reports

Overview

overview

Static

static

3

27d7ca6b9c...c2.exe

windows7-x64

27d7ca6b9c...c2.exe

windows10-2004-x64

Sharing

General

Target

27d7ca6b9c3a88a89809c12dbc29374af3a33adace5b4c312d9fd21e280e7fc2
Size

235KB
Sample

230917-ma4kcahd7z
MD5

a9e4aa023ae9d9b512963499d80738c3
SHA1

17692ef022de815d2170f8ef4b028219ac93a3aa
SHA256

27d7ca6b9c3a88a89809c12dbc29374af3a33adace5b4c312d9fd21e280e7fc2
SHA512

6e995fb213bda5e6c7a8eb89e08edcc0a125968a0f44724c74cf163bf93bde2fc414c98634f7bc69b8f0bd08be934c3958f3bad6105011367a36df7417be6f17
SSDEEP

6144:PEVkyf8W4pFwGPodNdPwjYXAO0T6/35iVvPN:PEVkm74pKyjjK2T6/35ipPN

Score

10^/10

fatalrat gh0strat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

27d7ca6b9c3a88a89809c12dbc29374af3a33adace5b4c312d9fd21e280e7fc2.exe

Resource

win7-20230831-en

fatalrat gh0strat infostealer rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

27d7ca6b9c3a88a89809c12dbc29374af3a33adace5b4c312d9fd21e280e7fc2.exe

Resource

win10v2004-20230915-en

fatalrat gh0strat infostealer rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  27d7ca6b9c3a88a89809c12dbc29374af3a33adace5b4c312d9fd21e280e7fc2
- Size
  
  235KB
- MD5
  
  a9e4aa023ae9d9b512963499d80738c3
- SHA1
  
  17692ef022de815d2170f8ef4b028219ac93a3aa
- SHA256
  
  27d7ca6b9c3a88a89809c12dbc29374af3a33adace5b4c312d9fd21e280e7fc2
- SHA512
  
  6e995fb213bda5e6c7a8eb89e08edcc0a125968a0f44724c74cf163bf93bde2fc414c98634f7bc69b8f0bd08be934c3958f3bad6105011367a36df7417be6f17
- SSDEEP
  
  6144:PEVkyf8W4pFwGPodNdPwjYXAO0T6/35iVvPN:PEVkm74pKyjjK2T6/35ipPN
Score

10^/10

fatalrat gh0strat infostealer rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Fatal Rat payload
  rat infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratgh0stratinfostealerrat

behavioral2

fatalratgh0stratinfostealerrat

© 2018-2025

Terms | Privacy