fatalrat | 8f05b29284b0bf78da28f4591214941d29c7e3c06fc2cf88deec7303499d99df | Triage

Submit
Reports

Overview

overview

Static

static

3

8f05b29284...df.exe

windows7-x64

8f05b29284...df.exe

windows10-2004-x64

Sharing

General

Target

8f05b29284b0bf78da28f4591214941d29c7e3c06fc2cf88deec7303499d99df
Size

900KB
Sample

240415-rfk3eaad7w
MD5

b453df3dd59b3deb37751908cd8e677f
SHA1

645c922c5aa6e9eafdfb3b692962cedc0c567f5d
SHA256

8f05b29284b0bf78da28f4591214941d29c7e3c06fc2cf88deec7303499d99df
SHA512

e3ca834e05664323d0922d730599521eb5c3334e1775df7263ee1b6b19f3df1db0558f3c85c4b2541292b485f90578ffb160ef53a430439c1cb2e3be8bd8e58b
SSDEEP

24576:BIs/LMbqQ0r9BK3eeRAPbuTjBIxkul5AXMxABDsEC/:msDGtALeiwCFY4h/

Score

10^/10

fatalrat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8f05b29284b0bf78da28f4591214941d29c7e3c06fc2cf88deec7303499d99df.exe

Resource

win7-20240221-en

fatalrat infostealer rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

8f05b29284b0bf78da28f4591214941d29c7e3c06fc2cf88deec7303499d99df.exe

Resource

win10v2004-20240412-en

fatalrat infostealer rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  8f05b29284b0bf78da28f4591214941d29c7e3c06fc2cf88deec7303499d99df
- Size
  
  900KB
- MD5
  
  b453df3dd59b3deb37751908cd8e677f
- SHA1
  
  645c922c5aa6e9eafdfb3b692962cedc0c567f5d
- SHA256
  
  8f05b29284b0bf78da28f4591214941d29c7e3c06fc2cf88deec7303499d99df
- SHA512
  
  e3ca834e05664323d0922d730599521eb5c3334e1775df7263ee1b6b19f3df1db0558f3c85c4b2541292b485f90578ffb160ef53a430439c1cb2e3be8bd8e58b
- SSDEEP
  
  24576:BIs/LMbqQ0r9BK3eeRAPbuTjBIxkul5AXMxABDsEC/:msDGtALeiwCFY4h/
Score

10^/10

fatalrat infostealer rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratinfostealerrat

behavioral2

fatalratinfostealerrat

© 2018-2024

Terms | Privacy