Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    10-05-2024 10:23

General

  • Target

    9fea96a966a3d5e6e6c6a126985fc90c6b679931585b97bf486ab90b74722294.exe

  • Size

    192KB

  • MD5

    e7ad4f56705c68fb298b9fecbc3f2ff6

  • SHA1

    b96f27b8e258992faed772de3b2b2f4c0aa0aeb6

  • SHA256

    9fea96a966a3d5e6e6c6a126985fc90c6b679931585b97bf486ab90b74722294

  • SHA512

    7c42099e544985f27b78c09beebc3a4e9b398cb3823910b3c636fe7c345ea1e4787878998fa0754c1051e907dac69b500c6187d88dd85b7cca798c505236959b

  • SSDEEP

    3072:Twixt0EbxotGf0LkM/GefzJLiMgnSl0O7180tf:c6biy0gM/1EGNf

Malware Config

Signatures

  • FatalRat

    FatalRat is a modular infostealer family written in C++, first appearing in June 2021.

  • Fatal Rat payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9fea96a966a3d5e6e6c6a126985fc90c6b679931585b97bf486ab90b74722294.exe
    "C:\Users\Admin\AppData\Local\Temp\9fea96a966a3d5e6e6c6a126985fc90c6b679931585b97bf486ab90b74722294.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3648

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3648-0-0x0000000010000000-0x000000001002A000-memory.dmp

    Filesize

    168KB