fatalrat

General

Target

ee1f34934049869dd608a6f1bea4aa5e0d27af7d197c96a21df301b60af64f53
Size

10.0MB
Sample

231205-vsrx9sde62
MD5

73035d421b0a5db8728c28888ad73593
SHA1

5b3279de1d7991d93e07f1efde31d5b0872114b0
SHA256

ee1f34934049869dd608a6f1bea4aa5e0d27af7d197c96a21df301b60af64f53
SHA512

3f28920e9d6458dd0d3b7ad9bd30b5199e1d61c735563c0b1bf52cf4b8c5e473e5b7a938fa1244d98bb3704bb9ea32bc14e6bce406f810e8ed4a5c4314da1246
SSDEEP

196608:DrudeaplDyMSWKFPQwRX/taBdeTDClnHdcUQiBQ+rEKRquFYj+Ibho7:Dxaple9Fr5tp/Cl9/xFrt5FYj+G

Score

10^/10

Malware Config

Targets

- Target
  
  ee1f34934049869dd608a6f1bea4aa5e0d27af7d197c96a21df301b60af64f53
- Size
  
  10.0MB
- MD5
  
  73035d421b0a5db8728c28888ad73593
- SHA1
  
  5b3279de1d7991d93e07f1efde31d5b0872114b0
- SHA256
  
  ee1f34934049869dd608a6f1bea4aa5e0d27af7d197c96a21df301b60af64f53
- SHA512
  
  3f28920e9d6458dd0d3b7ad9bd30b5199e1d61c735563c0b1bf52cf4b8c5e473e5b7a938fa1244d98bb3704bb9ea32bc14e6bce406f810e8ed4a5c4314da1246
- SSDEEP
  
  196608:DrudeaplDyMSWKFPQwRX/taBdeTDClnHdcUQiBQ+rEKRquFYj+Ibho7:Dxaple9Fr5tp/Cl9/xFrt5FYj+G
Score

10^/10

fatalrat evasion infostealer rat themida trojan upx
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

4

T1012

System Information Discovery

5

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Fatal Rat payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

ACProtect 1.3x - 1.4x DLL software

Checks BIOS information in registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Themida packer

UPX packed file

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2