General

  • Target

    703f53e195248012916b04e99ad3ed1f42bb6a474e75fbb8b883897c6e2849da

  • Size

    128KB

  • Sample

    231020-ktsabaab78

  • MD5

    305a788cb39bbf8eae2165109db03e4f

  • SHA1

    9d42fc915ec900b82d7ca19cc569ebfd6038b12b

  • SHA256

    703f53e195248012916b04e99ad3ed1f42bb6a474e75fbb8b883897c6e2849da

  • SHA512

    6a2debe93cbf89bb92b8c133462cd0199204dbf12a9b9ded411542958340501330740cf3f85c35ab862ffae759b855e679de626989208e093b655505cd0cacd2

  • SSDEEP

    3072:FLzqtHZHbDovaAY9+h7FXncveijUGD+3o/JJ:8ZHQvaAq+hVnEvt/JJ

Malware Config

  • Extracted

    Family: gh0strat

    C2: 182.43.76.21

Targets

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Fatal Rat payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks