fatalrat | afd07970c1ec3cb7e7ee33a6cd158a92a8cfd0e1279f9fa962ab067d990e53db | Triage

Submit
Reports

Overview

overview

Static

static

3

afd07970c1...db.exe

windows7-x64

afd07970c1...db.exe

windows10-2004-x64

Sharing

General

Target

afd07970c1ec3cb7e7ee33a6cd158a92a8cfd0e1279f9fa962ab067d990e53db
Size

192KB
Sample

240603-cv3tfahc43
MD5

43152df794e12063ee12a31d789c04c6
SHA1

b5f9b8ba9c032fa2c1ee680d75823498843a5f41
SHA256

afd07970c1ec3cb7e7ee33a6cd158a92a8cfd0e1279f9fa962ab067d990e53db
SHA512

3aeb5895d2c62a4a9d0d09da6146726aa7b6b7db071e7fb8a9fab22d56c1a0f9248f36f2c387aac79dfaa0156a02d10c006733f66d7e1d4134654f39be897134
SSDEEP

3072:91ltw5LZseWDzoPZ6WS6BLfvgaSlpcD+08f:+SzkPDNGVf

Score

10^/10

fatalrat infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

afd07970c1ec3cb7e7ee33a6cd158a92a8cfd0e1279f9fa962ab067d990e53db.exe

Resource

win7-20240508-en

fatalrat infostealer persistence rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

afd07970c1ec3cb7e7ee33a6cd158a92a8cfd0e1279f9fa962ab067d990e53db.exe

Resource

win10v2004-20240508-en

fatalrat infostealer persistence rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  afd07970c1ec3cb7e7ee33a6cd158a92a8cfd0e1279f9fa962ab067d990e53db
- Size
  
  192KB
- MD5
  
  43152df794e12063ee12a31d789c04c6
- SHA1
  
  b5f9b8ba9c032fa2c1ee680d75823498843a5f41
- SHA256
  
  afd07970c1ec3cb7e7ee33a6cd158a92a8cfd0e1279f9fa962ab067d990e53db
- SHA512
  
  3aeb5895d2c62a4a9d0d09da6146726aa7b6b7db071e7fb8a9fab22d56c1a0f9248f36f2c387aac79dfaa0156a02d10c006733f66d7e1d4134654f39be897134
- SSDEEP
  
  3072:91ltw5LZseWDzoPZ6WS6BLfvgaSlpcD+08f:+SzkPDNGVf
Score

10^/10

fatalrat infostealer persistence rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Detects executables calling ClearMyTracksByProcess
- Fatal Rat payload
  rat infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratinfostealerpersistencerat

behavioral2

fatalratinfostealerpersistencerat

© 2018-2024

Terms | Privacy