fatalrat | 291e91026dc87e8d85e4a25cdbdce09010c4a7f1b2492e23e3ec875a3370c7d7 | Triage

Submit
Reports

Overview

overview

Static

static

1

291e91026d...d7.dll

windows7-x64

291e91026d...d7.dll

windows10-2004-x64

Sharing

General

Target

291e91026dc87e8d85e4a25cdbdce09010c4a7f1b2492e23e3ec875a3370c7d7
Size

922KB
Sample

231016-hypc4sed58
MD5

22019e31ea6f7134c94358e9eb8516fe
SHA1

51673f72f119b1fc391fcb8b0780c0077aac1e13
SHA256

291e91026dc87e8d85e4a25cdbdce09010c4a7f1b2492e23e3ec875a3370c7d7
SHA512

20d226aec3cc06aa2d62b555d144896fc6f7d575968f02997f96875640ba51801b9fd29925dd1e3ec092870a7696c5d14c1c0303f35607aa979f40a28ccc33d4
SSDEEP

24576:pFQlHXEcOC4yQHNrJn46YoNP0jhqFRDxVgx9NbMMdh:8l3EcOJyKNl4kOj6DxoM

Score

10^/10

fatalrat evasion infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

291e91026dc87e8d85e4a25cdbdce09010c4a7f1b2492e23e3ec875a3370c7d7.dll

Resource

win7-20230831-en

fatalrat evasion infostealer rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

291e91026dc87e8d85e4a25cdbdce09010c4a7f1b2492e23e3ec875a3370c7d7.dll

Resource

win10v2004-20230915-en

fatalrat evasion infostealer rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  291e91026dc87e8d85e4a25cdbdce09010c4a7f1b2492e23e3ec875a3370c7d7
- Size
  
  922KB
- MD5
  
  22019e31ea6f7134c94358e9eb8516fe
- SHA1
  
  51673f72f119b1fc391fcb8b0780c0077aac1e13
- SHA256
  
  291e91026dc87e8d85e4a25cdbdce09010c4a7f1b2492e23e3ec875a3370c7d7
- SHA512
  
  20d226aec3cc06aa2d62b555d144896fc6f7d575968f02997f96875640ba51801b9fd29925dd1e3ec092870a7696c5d14c1c0303f35607aa979f40a28ccc33d4
- SSDEEP
  
  24576:pFQlHXEcOC4yQHNrJn46YoNP0jhqFRDxVgx9NbMMdh:8l3EcOJyKNl4kOj6DxoM
Score

10^/10

fatalrat evasion infostealer rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Blocklisted process makes network request
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratevasioninfostealerrat

behavioral2

fatalratevasioninfostealerrat

© 2018-2025

Terms | Privacy