fatalrat | c6aac0b9688ba5c0870da940586fc490c162beaa73f43d9fee6d4b4655bcf860 | Triage

Submit
Reports

Overview

overview

Static

static

1

c6aac0b968...60.exe

windows7-x64

c6aac0b968...60.exe

windows10-2004-x64

Sharing

General

Target

c6aac0b9688ba5c0870da940586fc490c162beaa73f43d9fee6d4b4655bcf860
Size

528KB
Sample

230922-xprjfabg97
MD5

becd95aa413ca13ab1d16ca2a2624265
SHA1

b952bed06d54f210d7e4efa38ec41845f4565af5
SHA256

c6aac0b9688ba5c0870da940586fc490c162beaa73f43d9fee6d4b4655bcf860
SHA512

450b7ce0561295aaef07b724c78ad9da80995d7c59323a18d92d4f5a185c581527713787bcee61f169cd78b0977284fece2bb16794c4f3d78d874dd82c22b6c5
SSDEEP

12288:F8vZ88x97XB5snEX2JkFx3qwBSA8wWApEvOPJGdRxbdHo31:FSZ9nbsEUkr3FBIwWApEvOPJGdRxbdHu

Score

10^/10

fatalrat gh0strat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

c6aac0b9688ba5c0870da940586fc490c162beaa73f43d9fee6d4b4655bcf860.exe

Resource

win7-20230831-en

fatalrat gh0strat infostealer rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

c6aac0b9688ba5c0870da940586fc490c162beaa73f43d9fee6d4b4655bcf860.exe

Resource

win10v2004-20230915-en

fatalrat gh0strat infostealer rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  c6aac0b9688ba5c0870da940586fc490c162beaa73f43d9fee6d4b4655bcf860
- Size
  
  528KB
- MD5
  
  becd95aa413ca13ab1d16ca2a2624265
- SHA1
  
  b952bed06d54f210d7e4efa38ec41845f4565af5
- SHA256
  
  c6aac0b9688ba5c0870da940586fc490c162beaa73f43d9fee6d4b4655bcf860
- SHA512
  
  450b7ce0561295aaef07b724c78ad9da80995d7c59323a18d92d4f5a185c581527713787bcee61f169cd78b0977284fece2bb16794c4f3d78d874dd82c22b6c5
- SSDEEP
  
  12288:F8vZ88x97XB5snEX2JkFx3qwBSA8wWApEvOPJGdRxbdHo31:FSZ9nbsEUkr3FBIwWApEvOPJGdRxbdHu
Score

10^/10

fatalrat gh0strat infostealer rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Fatal Rat payload
  rat infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratgh0stratinfostealerrat

behavioral2

fatalratgh0stratinfostealerrat

© 2018-2025

Terms | Privacy