General
-
Target
f3a917b571c5d076484b754440fe1de843f5c7a35fc21c244b6951e79bb0c070
-
Size
416KB
-
Sample
231013-cra91sce45
-
MD5
cc04461cecb63d207d2e12589dc163b0
-
SHA1
f5208002a9666497556246a3e054016499d7b597
-
SHA256
f3a917b571c5d076484b754440fe1de843f5c7a35fc21c244b6951e79bb0c070
-
SHA512
51244b5a53023c7a144c695c65ae14ec61df9483043b14a5d70c773bd1e3c1eea0bcf2a5b3739087071a83de6d195da26d39ceb45abc429ab8db1a50eb5c0778
-
SSDEEP
3072:ILzqtvZHbDovaAY9+h7FXncveijUGD+3o/QRnQ:PZHQvaAq+hVnEvt/QRnQ
Static task
static1
Behavioral task
behavioral1
Sample
f3a917b571c5d076484b754440fe1de843f5c7a35fc21c244b6951e79bb0c070.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
f3a917b571c5d076484b754440fe1de843f5c7a35fc21c244b6951e79bb0c070.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
gh0strat
175.178.15.177
Targets
-
-
Target
f3a917b571c5d076484b754440fe1de843f5c7a35fc21c244b6951e79bb0c070
Score
10/10
-
FatalRat
FatalRat is a modular infostealer family written in C++ that first appeared in June 2021.
-
Gh0st RAT payload
-
Fatal Rat payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-