General
-
Target
ec945f2d6b7a41cd6f9ed4b370f8a0bc595db3cfd8abfeb9edc06aa88b67729a
-
Size
5.5MB
-
Sample
231205-wa2kesea39
-
MD5
d414027b4174b50f1b66b4591414673e
-
SHA1
633efc9e4ee12c0eae5431b434adcf410731950b
-
SHA256
ec945f2d6b7a41cd6f9ed4b370f8a0bc595db3cfd8abfeb9edc06aa88b67729a
-
SHA512
581333ed6ca5e13c7e21ffc51422fdf5cd34592c9c3d91ef5241cdd1ccdd1cf8ca455762f3688d4faa4adff246b219ae1cc24f1098909b78f59fd7c72be42218
-
SSDEEP
98304:YclLQZyVp1vSIpvrU38WSJWN5orrj6/GGQGSZ2P4SNuF2Fo0i+M7xdI:V1BnU38WNibGSYP4w0RxX7xdI
Malware Config
Targets
-
-
Target
ec945f2d6b7a41cd6f9ed4b370f8a0bc595db3cfd8abfeb9edc06aa88b67729a
-
Size
5.5MB
-
MD5
d414027b4174b50f1b66b4591414673e
-
SHA1
633efc9e4ee12c0eae5431b434adcf410731950b
-
SHA256
ec945f2d6b7a41cd6f9ed4b370f8a0bc595db3cfd8abfeb9edc06aa88b67729a
-
SHA512
581333ed6ca5e13c7e21ffc51422fdf5cd34592c9c3d91ef5241cdd1ccdd1cf8ca455762f3688d4faa4adff246b219ae1cc24f1098909b78f59fd7c72be42218
-
SSDEEP
98304:YclLQZyVp1vSIpvrU38WSJWN5orrj6/GGQGSZ2P4SNuF2Fo0i+M7xdI:V1BnU38WNibGSYP4w0RxX7xdI
Score10/10-
FatalRat
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
-
Fatal Rat payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-