General
-
Target
9fc8f67f6570c9fc91f29046dd479445759d8536265efa9ca002c3572d6d30f2
-
Size
9.0MB
-
Sample
231023-mpw4tahh46
-
MD5
2e0cda9fc4ec5825448161d3f6af0906
-
SHA1
8f3b57f7ddf7a00e435f372d9013214c24b45b7f
-
SHA256
9fc8f67f6570c9fc91f29046dd479445759d8536265efa9ca002c3572d6d30f2
-
SHA512
9ded8989748ed83e0abbb30e1ca08870b6c231aaae70749fbdbe558b09d8b2df600f968479a8f73ea26e6b1c6d0ff4cc5b6fc23eb4be856d95e27c42f2eb7d8c
-
SSDEEP
98304:k2/1r91ACJda/Bg3DziUHWumVMPnkqFVwMmJTMNmlFU10dR8NzpKkvz:k2/FYCJcyziUHoWv/FKRJANSFNEpdv
Malware Config
Targets
-
-
Target
9fc8f67f6570c9fc91f29046dd479445759d8536265efa9ca002c3572d6d30f2
-
Size
9.0MB
-
MD5
2e0cda9fc4ec5825448161d3f6af0906
-
SHA1
8f3b57f7ddf7a00e435f372d9013214c24b45b7f
-
SHA256
9fc8f67f6570c9fc91f29046dd479445759d8536265efa9ca002c3572d6d30f2
-
SHA512
9ded8989748ed83e0abbb30e1ca08870b6c231aaae70749fbdbe558b09d8b2df600f968479a8f73ea26e6b1c6d0ff4cc5b6fc23eb4be856d95e27c42f2eb7d8c
-
SSDEEP
98304:k2/1r91ACJda/Bg3DziUHWumVMPnkqFVwMmJTMNmlFU10dR8NzpKkvz:k2/FYCJcyziUHoWv/FKRJANSFNEpdv
Score10/10-
FatalRat
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Fatal Rat payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-