fatalrat | 94c42770a1fcfd7ca4da5b31863e888e63937a7ef3937db52826d5a10e2f38fc | Triage

Submit
Reports

Overview

overview

Static

static

3

94c42770a1...fc.exe

windows7-x64

94c42770a1...fc.exe

windows10-2004-x64

Sharing

General

Target

94c42770a1fcfd7ca4da5b31863e888e63937a7ef3937db52826d5a10e2f38fc
Size

888KB
Sample

240308-td68zabh8s
MD5

0a6f134168a6b2274ecbd1ffac7f2baf
SHA1

79154b96f2fa68e98e7effe466027472fb4be523
SHA256

94c42770a1fcfd7ca4da5b31863e888e63937a7ef3937db52826d5a10e2f38fc
SHA512

27f80b5a816592ad37c65ffd70e86891ef163c74a14a8d72b3bac31023888f2f610be07fa201e3b7a8b6ce00646d5c5684768719af1a18edc26123b61091c0b3
SSDEEP

24576:BlPrXQ/dKgXwQ4DbEM7VG3dDDy7FhK0fVTwmXOry3ACK2lQE7:BlzXQ/d/M7VGNveiCBwmXSA

Score

10^/10

fatalrat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

94c42770a1fcfd7ca4da5b31863e888e63937a7ef3937db52826d5a10e2f38fc.exe

Resource

win7-20240221-en

fatalrat infostealer rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

94c42770a1fcfd7ca4da5b31863e888e63937a7ef3937db52826d5a10e2f38fc.exe

Resource

win10v2004-20240226-en

fatalrat infostealer rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  94c42770a1fcfd7ca4da5b31863e888e63937a7ef3937db52826d5a10e2f38fc
- Size
  
  888KB
- MD5
  
  0a6f134168a6b2274ecbd1ffac7f2baf
- SHA1
  
  79154b96f2fa68e98e7effe466027472fb4be523
- SHA256
  
  94c42770a1fcfd7ca4da5b31863e888e63937a7ef3937db52826d5a10e2f38fc
- SHA512
  
  27f80b5a816592ad37c65ffd70e86891ef163c74a14a8d72b3bac31023888f2f610be07fa201e3b7a8b6ce00646d5c5684768719af1a18edc26123b61091c0b3
- SSDEEP
  
  24576:BlPrXQ/dKgXwQ4DbEM7VG3dDDy7FhK0fVTwmXOry3ACK2lQE7:BlzXQ/d/M7VGNveiCBwmXSA
Score

10^/10

fatalrat infostealer rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratinfostealerrat

behavioral2

fatalratinfostealerrat

© 2018-2024

Terms | Privacy