Overview

overview

10

Static

static

3

940dc4a029...de.exe

windows7-x64

10

940dc4a029...de.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-03-2024 03:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    940dc4a02912b70833ac3378571d76ecbeb1843e6f18d32991844878c982bdde.exe

  • Size

    884KB

  • MD5

    0aaa616d0539956bccb9bc191d242e1d

  • SHA1

    426ead4ee1f17954ff1faab5c30a8691dc7028bf

  • SHA256

    940dc4a02912b70833ac3378571d76ecbeb1843e6f18d32991844878c982bdde

  • SHA512

    e0f2b25b4680436964dc6ffd767cda4b99949a131135576b17a89db99fc72d704749d6a8cf48706784ab1015818edd154e221e4916df841a3b539c102a6176fa

  • SSDEEP

    24576:639bNTQbPHkjvLS8RfYtQZsUPTidGxXObf5L6tMezy:C0kX3MdUr4G9OLvwy

Score
10/10
fatalratinfostealerpersistencerat

Malware Config

Signatures

  • FatalRat

    FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

    infostealerratfatalrat
  • Fatal Rat payload 2 IoCs
    ratinfostealer
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\940dc4a02912b70833ac3378571d76ecbeb1843e6f18d32991844878c982bdde.exe
    "C:\Users\Admin\AppData\Local\Temp\940dc4a02912b70833ac3378571d76ecbeb1843e6f18d32991844878c982bdde.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Users\Admin\AppData\Local\940dc4a02912b70833ac3378571d76ecbeb1843e6f18d32991844878c982bdde.exe
      "C:\Users\Admin\AppData\Local\940dc4a02912b70833ac3378571d76ecbeb1843e6f18d32991844878c982bdde.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of AdjustPrivilegeToken
      PID:2296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\940dc4a02912b70833ac3378571d76ecbeb1843e6f18d32991844878c982bdde.exe
    Filesize

    704KB

    MD5

    590813b662eb06a4adf3aa8dfb2ab07a

    SHA1

    1b2c53827b8bb9bbef6d3e507d8943bcfa0bc940

    SHA256

    28668a83d373a7981c209cbbbe0d34efb68d983a0786fb1eac221a2e3c5c71f3

    SHA512

    dc4b6d37be7fc419f8ce91afce4d54c3e22e7aa54f6344f9d217848c6cd527ac681d521d9642edc02a3eb63a7fd656651ba892aaad15892fd714e4b6736334a3

    Download Submit

  • C:\Users\Admin\AppData\Local\940dc4a02912b70833ac3378571d76ecbeb1843e6f18d32991844878c982bdde.exe
    Filesize

    884KB

    MD5

    0aaa616d0539956bccb9bc191d242e1d

    SHA1

    426ead4ee1f17954ff1faab5c30a8691dc7028bf

    SHA256

    940dc4a02912b70833ac3378571d76ecbeb1843e6f18d32991844878c982bdde

    SHA512

    e0f2b25b4680436964dc6ffd767cda4b99949a131135576b17a89db99fc72d704749d6a8cf48706784ab1015818edd154e221e4916df841a3b539c102a6176fa

    Download Submit

  • memory/1908-850-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-824-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-860-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-812-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-820-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-818-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-822-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-852-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-828-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-830-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-826-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-832-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-0-0x0000000000400000-0x00000000004F4000-memory.dmp

    Filesize

    976KB

    Download

  • memory/1908-836-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-838-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-840-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-842-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-844-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-846-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-848-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-834-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-816-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-814-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-858-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-856-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-854-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-862-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-864-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-866-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-870-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-868-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-872-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-2547-0x0000000001F70000-0x00000000020F1000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1908-8691-0x0000000000400000-0x00000000004F4000-memory.dmp

    Filesize

    976KB

    Download

  • memory/1908-8692-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-811-0x0000000002100000-0x0000000002211000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1908-8709-0x0000000002DC0000-0x0000000002EB4000-memory.dmp

    Filesize

    976KB

    Download

  • memory/1908-1-0x0000000075050000-0x0000000075097000-memory.dmp

    Filesize

    284KB

    Download

  • memory/2296-11256-0x0000000001F10000-0x0000000002091000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2296-17396-0x00000000020A0000-0x00000000021B1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2296-17401-0x0000000000400000-0x00000000004F4000-memory.dmp

    Filesize

    976KB

    Download

  • memory/2296-17410-0x0000000000400000-0x00000000004F4000-memory.dmp

    Filesize

    976KB

    Download