fatalrat | cd9c6f0b76e00e15e91a483d23b2c66c7d9f65f296d5b70b8ba691acd82c283b | Triage

Submit
Reports

Overview

overview

Static

static

7

cd9c6f0b76...3b.exe

windows10-2004-x64

cd9c6f0b76...3b.exe

windows11-21h2-x64

Resubmissions

14-12-2023 13:23

231214-qmryvsfch2 10

14-12-2023 12:56

231214-p6v9ysdgar 7

Sharing

General

Target

cd9c6f0b76e00e15e91a483d23b2c66c7d9f65f296d5b70b8ba691acd82c283b
Size

6.8MB
Sample

231214-qmryvsfch2
MD5

2f00f70020c479b1fe7e32b6fdde6ad2
SHA1

13b9ad6874690af1d32eaf3ee8b2bb5674d59953
SHA256

cd9c6f0b76e00e15e91a483d23b2c66c7d9f65f296d5b70b8ba691acd82c283b
SHA512

a2f55b7c8dd3b5cd330a4c2bef957cca5cb19b873544bb2a8b57c047959233a30b6ecbc96460c65a6773161292b9571a339b4f1af273c1e7fb908b7343ea4fc9
SSDEEP

196608:pszgrJ3dUZdF+7+oHKuGKVSlo2Eaezj8/DFvYKf1JFh:pszXd6+oCeSlo6e4xAKD

Score

10^/10

fatalrat infostealer rat vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cd9c6f0b76e00e15e91a483d23b2c66c7d9f65f296d5b70b8ba691acd82c283b.exe

Resource

win10v2004-20231127-en

fatalrat infostealer rat vmprotect

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

cd9c6f0b76e00e15e91a483d23b2c66c7d9f65f296d5b70b8ba691acd82c283b.exe

Resource

win11-20231129-en

fatalrat infostealer rat vmprotect

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  cd9c6f0b76e00e15e91a483d23b2c66c7d9f65f296d5b70b8ba691acd82c283b
- Size
  
  6.8MB
- MD5
  
  2f00f70020c479b1fe7e32b6fdde6ad2
- SHA1
  
  13b9ad6874690af1d32eaf3ee8b2bb5674d59953
- SHA256
  
  cd9c6f0b76e00e15e91a483d23b2c66c7d9f65f296d5b70b8ba691acd82c283b
- SHA512
  
  a2f55b7c8dd3b5cd330a4c2bef957cca5cb19b873544bb2a8b57c047959233a30b6ecbc96460c65a6773161292b9571a339b4f1af273c1e7fb908b7343ea4fc9
- SSDEEP
  
  196608:pszgrJ3dUZdF+7+oHKuGKVSlo2Eaezj8/DFvYKf1JFh:pszXd6+oCeSlo6e4xAKD
Score

10^/10

fatalrat infostealer rat vmprotect
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratinfostealerratvmprotect

behavioral2

fatalratinfostealerratvmprotect

© 2018-2024

Terms | Privacy