fatalrat | 5147c7e0398f0fd6ea913eaf5665019e614853f0a754ee72c76b3643a25ad404 | Triage

Submit
Reports

Overview

overview

Static

static

7

5147c7e039...04.exe

windows10-1703-x64

5147c7e039...04.exe

windows11-21h2-x64

Sharing

General

Target

5147c7e0398f0fd6ea913eaf5665019e614853f0a754ee72c76b3643a25ad404.exe
Size

7.6MB
Sample

240325-njf13shb61
MD5

0afe4a82ef51395bb6bda370313374a4
SHA1

555126d7cff7373dfda33d309c211776ef32a6e5
SHA256

5147c7e0398f0fd6ea913eaf5665019e614853f0a754ee72c76b3643a25ad404
SHA512

2f7f040839bbd28e61b7161702f602ed49da1eaa49ec30af8c94b87e54e2943c6094478bc32e856ab9b7f85b09722b9a556b52151c9760c9250ba921ab6a21f6
SSDEEP

196608:w5LIRiAsLXsRZj62vvoVLp7YuLNxr7mFCpp3FjbA9h:cYsrsRZj62X4EE7pl9A9h

Score

10^/10

fatalrat infostealer rat vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5147c7e0398f0fd6ea913eaf5665019e614853f0a754ee72c76b3643a25ad404.exe

Resource

win10-20240221-en

fatalrat infostealer rat vmprotect

windows10-1703-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

5147c7e0398f0fd6ea913eaf5665019e614853f0a754ee72c76b3643a25ad404.exe

Resource

win11-20240319-en

fatalrat infostealer rat vmprotect

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  5147c7e0398f0fd6ea913eaf5665019e614853f0a754ee72c76b3643a25ad404.exe
- Size
  
  7.6MB
- MD5
  
  0afe4a82ef51395bb6bda370313374a4
- SHA1
  
  555126d7cff7373dfda33d309c211776ef32a6e5
- SHA256
  
  5147c7e0398f0fd6ea913eaf5665019e614853f0a754ee72c76b3643a25ad404
- SHA512
  
  2f7f040839bbd28e61b7161702f602ed49da1eaa49ec30af8c94b87e54e2943c6094478bc32e856ab9b7f85b09722b9a556b52151c9760c9250ba921ab6a21f6
- SSDEEP
  
  196608:w5LIRiAsLXsRZj62vvoVLp7YuLNxr7mFCpp3FjbA9h:cYsrsRZj62X4EE7pl9A9h
Score

10^/10

fatalrat infostealer rat vmprotect
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratinfostealerratvmprotect

behavioral2

fatalratinfostealerratvmprotect

© 2018-2024

Terms | Privacy