fatalrat | a6c02e46a91c89a18c9916932995b28155443c248b8ebcf94c7ddd7bd3ce82df | Triage

Submit
Reports

Overview

overview

Static

static

7

a6c02e46a9...df.dll

windows7-x64

a6c02e46a9...df.dll

windows10-2004-x64

Sharing

General

Target

a6c02e46a91c89a18c9916932995b28155443c248b8ebcf94c7ddd7bd3ce82df
Size

124KB
Sample

240719-q6gl8svajm
MD5

b9bdbc398c141c0612d34e505378031f
SHA1

74b3cea09797b0512ba92c135ab1b19624236447
SHA256

a6c02e46a91c89a18c9916932995b28155443c248b8ebcf94c7ddd7bd3ce82df
SHA512

3d7fb066ac6abe10a209fdfde5ce82cf1f6d19a4dc55203c7b542feb11972273c473468c3f1ee615dadce40e9f4cca7d8899188f0ca4a923f961839511b961ec
SSDEEP

3072:SAdJ0QJXjyGX21G3ihVTZrLZkjg+mjDsvwUOVyrdy:3j02XjyiL3ihVR2jf84nOVyrdy

Score

10^/10

fatalrat infostealer persistence rat vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a6c02e46a91c89a18c9916932995b28155443c248b8ebcf94c7ddd7bd3ce82df.dll

Resource

win7-20240708-en

fatalrat infostealer persistence rat vmprotect

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

a6c02e46a91c89a18c9916932995b28155443c248b8ebcf94c7ddd7bd3ce82df.dll

Resource

win10v2004-20240704-en

fatalrat infostealer persistence rat vmprotect

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  a6c02e46a91c89a18c9916932995b28155443c248b8ebcf94c7ddd7bd3ce82df
- Size
  
  124KB
- MD5
  
  b9bdbc398c141c0612d34e505378031f
- SHA1
  
  74b3cea09797b0512ba92c135ab1b19624236447
- SHA256
  
  a6c02e46a91c89a18c9916932995b28155443c248b8ebcf94c7ddd7bd3ce82df
- SHA512
  
  3d7fb066ac6abe10a209fdfde5ce82cf1f6d19a4dc55203c7b542feb11972273c473468c3f1ee615dadce40e9f4cca7d8899188f0ca4a923f961839511b961ec
- SSDEEP
  
  3072:SAdJ0QJXjyGX21G3ihVTZrLZkjg+mjDsvwUOVyrdy:3j02XjyiL3ihVR2jf84nOVyrdy
Score

10^/10

fatalrat infostealer persistence rat vmprotect
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Blocklisted process makes network request
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratinfostealerpersistenceratvmprotect

behavioral2

fatalratinfostealerpersistenceratvmprotect

© 2018-2024

Terms | Privacy