fatalrat | 6c6d7f7d566de84cd12a53e3c6007982042626e906d8189932e3cca828ed2bf6 | Triage

Submit
Reports

Overview

overview

Static

static

3

6c6d7f7d56...f6.exe

windows7-x64

6c6d7f7d56...f6.exe

windows10-2004-x64

Sharing

General

Target

6c6d7f7d566de84cd12a53e3c6007982042626e906d8189932e3cca828ed2bf6
Size

3.7MB
Sample

231226-lvhb6sbaal
MD5

8257dbbadbf1508e030161cffa5ab3b0
SHA1

8666310ea7d1b9b1f1519ab614c3100bf6a55b68
SHA256

6c6d7f7d566de84cd12a53e3c6007982042626e906d8189932e3cca828ed2bf6
SHA512

070622c925eacbc4e10c4179d78a526f79dd13377c9beef3fd398dbb1830f1ce7962385b8bbe8d91e26953e134be226253fba76f06e5c319e79fbb97ca5335f0
SSDEEP

49152:F8y4+H/MA9KvdXjuvugsDwy9p6a7ZIcQ2R8+06QlCQ1U2V+6kYdke+/skGV8rOvN:J/MOeDp6l08+06QxUZ6kB/skbrOl

Score

10^/10

fatalrat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6c6d7f7d566de84cd12a53e3c6007982042626e906d8189932e3cca828ed2bf6.exe

Resource

win7-20231129-en

fatalrat infostealer rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

6c6d7f7d566de84cd12a53e3c6007982042626e906d8189932e3cca828ed2bf6.exe

Resource

win10v2004-20231215-en

fatalrat infostealer rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  6c6d7f7d566de84cd12a53e3c6007982042626e906d8189932e3cca828ed2bf6
- Size
  
  3.7MB
- MD5
  
  8257dbbadbf1508e030161cffa5ab3b0
- SHA1
  
  8666310ea7d1b9b1f1519ab614c3100bf6a55b68
- SHA256
  
  6c6d7f7d566de84cd12a53e3c6007982042626e906d8189932e3cca828ed2bf6
- SHA512
  
  070622c925eacbc4e10c4179d78a526f79dd13377c9beef3fd398dbb1830f1ce7962385b8bbe8d91e26953e134be226253fba76f06e5c319e79fbb97ca5335f0
- SSDEEP
  
  49152:F8y4+H/MA9KvdXjuvugsDwy9p6a7ZIcQ2R8+06QlCQ1U2V+6kYdke+/skGV8rOvN:J/MOeDp6l08+06QxUZ6kB/skbrOl
Score

10^/10

fatalrat infostealer rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratinfostealerrat

behavioral2

fatalratinfostealerrat

© 2018-2024

Terms | Privacy