fatalrat | f80f8a725028bcc09639f7b1ff9439436d974f0bf92871048092eaec5d7458f0 | Triage

Submit
Reports

Overview

overview

Static

static

1

f80f8a7250...f0.msi

windows7-x64

6

f80f8a7250...f0.msi

windows10-2004-x64

Sharing

General

Target

f80f8a725028bcc09639f7b1ff9439436d974f0bf92871048092eaec5d7458f0
Size

200.6MB
Sample

240406-eespmsaf88
MD5

e43da50b0bbb9e87ce597440713a60b0
SHA1

7aac4d55e08cff1882297cff1c9bf67c4f69da68
SHA256

f80f8a725028bcc09639f7b1ff9439436d974f0bf92871048092eaec5d7458f0
SHA512

2fd0c58689588f04f7053c528c5d76bc678fa8bb1e4a9707a3a19b3517ce21c057249c210d46ba28dccf392216e9b9dfe44ca11773dac1f7f746ecea551d312d
SSDEEP

6291456:RyC80S2EhOoyizyq06TBo1u/3yFyAoJRsZF2:D8d2QfIq0V1uPyFyDJRq

Score

10^/10

fatalrat discovery infostealer rat spyware

Static task

static1

Behavioral task

behavioral1

Sample

f80f8a725028bcc09639f7b1ff9439436d974f0bf92871048092eaec5d7458f0.msi

Resource

win7-20240221-en

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

f80f8a725028bcc09639f7b1ff9439436d974f0bf92871048092eaec5d7458f0.msi

Resource

win10v2004-20240226-en

fatalrat discovery infostealer rat spyware

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  f80f8a725028bcc09639f7b1ff9439436d974f0bf92871048092eaec5d7458f0
- Size
  
  200.6MB
- MD5
  
  e43da50b0bbb9e87ce597440713a60b0
- SHA1
  
  7aac4d55e08cff1882297cff1c9bf67c4f69da68
- SHA256
  
  f80f8a725028bcc09639f7b1ff9439436d974f0bf92871048092eaec5d7458f0
- SHA512
  
  2fd0c58689588f04f7053c528c5d76bc678fa8bb1e4a9707a3a19b3517ce21c057249c210d46ba28dccf392216e9b9dfe44ca11773dac1f7f746ecea551d312d
- SSDEEP
  
  6291456:RyC80S2EhOoyizyq06TBo1u/3yFyAoJRsZF2:D8d2QfIq0V1uPyFyDJRq
Score

10^/10

discovery fatalrat infostealer rat spyware
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

fatalratdiscoveryinfostealerratspyware

© 2018-2025

Terms | Privacy