General
-
Target
e6adc111ea41c5970c4b551ade5ddd39e096c76660fa56c359d614b6c599a8b8
-
Size
451KB
-
Sample
231016-hacz6scb9x
-
MD5
3f912633a9016be09ed0ad9198b04858
-
SHA1
088c7e6811ba2423d1d70d781425c6d458881138
-
SHA256
e6adc111ea41c5970c4b551ade5ddd39e096c76660fa56c359d614b6c599a8b8
-
SHA512
aef19da24f15c72002de4cb7643d3f58d553e4fe46758c93b8a06dd40736c8e08d37c1f622af6880c340ced1fd7a4b44901b80e2942e8329348aa6339edf713d
-
SSDEEP
6144:qgpp0YsbYHF5TFmQCvUadFljva69ZCQEE5aFKM9tZMllMQcBBsqR6DQ9L78H:qgp6yF5id3dfwrZ4lM/BBsqR00H8H
Behavioral task
behavioral1
Sample
e6adc111ea41c5970c4b551ade5ddd39e096c76660fa56c359d614b6c599a8b8.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
e6adc111ea41c5970c4b551ade5ddd39e096c76660fa56c359d614b6c599a8b8.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
FatalRat
FatalRat is a modular infostealer family written in C++ that first appeared in June 2021.
-
Gh0st RAT payload
-
Fatal Rat payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-