General
-
Target
6a60bb89f83b1bf201e2552ed71ff0c7d24f3620992c82382e266f88feeb0814
-
Size
951KB
-
Sample
231220-kek8fsfcg5
-
MD5
c6f4b84ea898f6a46cf5c4d78b84b58d
-
SHA1
9a70d273c9e6c05dc8ca1d449eb7bf9bbe0206a1
-
SHA256
6a60bb89f83b1bf201e2552ed71ff0c7d24f3620992c82382e266f88feeb0814
-
SHA512
a7cd8277ae8da1103c825a9b66c184428d86e13924d6edef6f0dc247b5e8258e7645e6945fe379950722e206d3f2cb949c3fbff34d3171b2335a339e0f833cdf
-
SSDEEP
24576:k0FaewhcAu6vcEDdNAlRQY1IJQTGngTqhG7:itw4cEDd2l12iTGnWqh
Malware Config
Targets
-
-
Target
6a60bb89f83b1bf201e2552ed71ff0c7d24f3620992c82382e266f88feeb0814
-
Size
951KB
-
MD5
c6f4b84ea898f6a46cf5c4d78b84b58d
-
SHA1
9a70d273c9e6c05dc8ca1d449eb7bf9bbe0206a1
-
SHA256
6a60bb89f83b1bf201e2552ed71ff0c7d24f3620992c82382e266f88feeb0814
-
SHA512
a7cd8277ae8da1103c825a9b66c184428d86e13924d6edef6f0dc247b5e8258e7645e6945fe379950722e206d3f2cb949c3fbff34d3171b2335a339e0f833cdf
-
SSDEEP
24576:k0FaewhcAu6vcEDdNAlRQY1IJQTGngTqhG7:itw4cEDd2l12iTGnWqh
Score10/10-
FatalRat
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Fatal Rat payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-