General
-
Target
c29eb3ea929319a884bb8061faf36e855d93f44ba1362441d5fa34f70613181a
-
Size
5.6MB
-
Sample
231020-fskrmaeb9y
-
MD5
0481d5db958410e104c3ec077eeb6b5a
-
SHA1
2b52d36fa7feed40fd6e27749aa164b48a615f75
-
SHA256
c29eb3ea929319a884bb8061faf36e855d93f44ba1362441d5fa34f70613181a
-
SHA512
af6bcd124350e3f669b71c349f31c44fef8b1047ff101638057ea349ea5fe9db518f1a3dcbac1d72a8ce918de0b40c753adc15fbc79558bc41126766ee39b4ed
-
SSDEEP
98304:ZJ5+K5wCm/oXwzldh+bQeDV/x5szNfedamMhYVnYG:ZD+K6RawpWbQgxSzNfedamrY
Malware Config
Targets
-
-
Target
c29eb3ea929319a884bb8061faf36e855d93f44ba1362441d5fa34f70613181a
-
Size
5.6MB
-
MD5
0481d5db958410e104c3ec077eeb6b5a
-
SHA1
2b52d36fa7feed40fd6e27749aa164b48a615f75
-
SHA256
c29eb3ea929319a884bb8061faf36e855d93f44ba1362441d5fa34f70613181a
-
SHA512
af6bcd124350e3f669b71c349f31c44fef8b1047ff101638057ea349ea5fe9db518f1a3dcbac1d72a8ce918de0b40c753adc15fbc79558bc41126766ee39b4ed
-
SSDEEP
98304:ZJ5+K5wCm/oXwzldh+bQeDV/x5szNfedamMhYVnYG:ZD+K6RawpWbQgxSzNfedamrY
Score10/10-
FatalRat
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
-
Fatal Rat payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-