fatalrat | 4a1ae7cf9606365db8ea043516a7ea76f673e55f3165f9e3573e31bc3b4710dd | Triage

Sharing

General

Target

7Q7ATX.zip
Size

2.8MB
Sample

240419-qfgjjsec4w
MD5

9d23d38f47cd3157498c29c4243583df
SHA1

c16f65629ca1db923aad762848d34a494b9b07a2
SHA256

4a1ae7cf9606365db8ea043516a7ea76f673e55f3165f9e3573e31bc3b4710dd
SHA512

fa482f0862e6ee0052a7291b7734ef4c6fbb2833355e6019736a4d08f74cbcf185c22dca525f5550d9343e399e8e2c2b0160938e9ed100bdc0b82063921923b0
SSDEEP

49152:DmTl8mWHNd/S4Z+hIlFrKOfs+ge2HJ96pXWrmS917SiPcntyA7LwSf69:Dmemsr/nuoOQB2psX5s17LPcnNYSy9

Score

10^/10

fatalrat infostealer rat

Malware Config

Targets

- Target
  
  7Q7ATX/9DTDG_o.exe
- Size
  
  148KB
- MD5
  
  f852aa63bc40b55bee5f0df8ab7ca885
- SHA1
  
  35bd2a698af33ef4dd20a8c32f7afbe65aafdb80
- SHA256
  
  e8b572831fe43f52bcf004ae3eee3ec7be5e8a31fc46721b1f6343baa2858aa0
- SHA512
  
  e95d1963953fa7a29c162b848cf30629b7bfb025f4235a6eda5f293e793e9dfac630e482fd246a4e337e12a8c1738066d83382e93c5b5bcdcbe91fe24742e5f1
- SSDEEP
  
  1536:4ApcD8QFjMFvLl5DABLu7SN5+DLNPFthAQd3qHvDXrqwHn9cdsK0sM6QMIEvYn70:rp28Lpk82agQcqqW
Score

10^/10

fatalrat infostealer rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  7Q7ATX/longlq.cl
- Size
  
  1.0MB
- MD5
  
  20ee9aa56c761f5b6bdade9dbf9114ac
- SHA1
  
  31ee192ef3075f4f237bd5bc3b8cbd18dd241d55
- SHA256
  
  e35d8d55a9475d760210e50e9ab207b740967fd6968e78327d9e1b42500b50e7
- SHA512
  
  6bf19e5eac822a5f65b69e41c53281d26110d5edfd3693cde19554c13487be4e20749be73f3c11e1f6e162f6b0340d9c438ee24e5b70920cfd4d880fa5eed122
- SSDEEP
  
  3072:PCbuMkGVDr1UfZr8UbedIfCBcjGFwHKpELON4PyxMT21g36Z07+Xe34cc/Gcq1CG:PbfXFUUfMihLiIeku7ign4SL1R8Byjk1
Score

3^/10
behavioral3 behavioral4
- Target
  
  7Q7ATX/msvbvm50.dll
- Size
  
  3.7MB
- MD5
  
  fe3a753e5f327ed57942e81aefab4afb
- SHA1
  
  941d432fdce3d35d10ee2ae964a4dac5ae3e52c9
- SHA256
  
  9eea3c289a636a07ecd3dac31d5b853f4303ff5b0e27b867c718f29e1d1f1909
- SHA512
  
  fc3cfb59e0dded40be745d5ee33df904eff1950edb213bd68d421f60116f96a3506a10c07ea121f2e540f49b334e0f7bd7261fab367d006803a439a522ae5482
- SSDEEP
  
  49152:mQm9xbMYJKQZ+7UZF96Ofgu6yEHz7c3z2rESxvVaSZedtWALlQQR0m0:zmTMuCU4Q1ETGzVwvV9Zed5OQOj
Score

1^/10
behavioral5 behavioral6
- Target
  
  7Q7ATX/p.mgc
- Size
  
  80B
- MD5
  
  7bd6915380aec15a32cdb9a101c662f2
- SHA1
  
  9887fd2810a46043a4799e79abdb1d8fedcb2fcf
- SHA256
  
  e8d7ecbfe7fc511d64f278280b84001f48bbccef198926ef4a6b23ec99b53710
- SHA512
  
  76eb0ac8177939c5a9ae4f25c928c396173247246ebe7bd33e633d5e7fd5b5c63e3c0d4aece3cab1bfa95aa819a6db39728269b966a7bfbf1ef5ad66894e0694
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratinfostealerrat

behavioral2

fatalratinfostealerrat

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8