fatalrat | 2073c59a323a901cf607b310b15125ef457e8c8c7fda2dce33c93f7bdd92aff3 | Triage

Submit
Reports

Overview

overview

Static

static

3

63bf82b7bd...0N.exe

windows7-x64

63bf82b7bd...0N.exe

windows10-2004-x64

Sharing

General

Target

63bf82b7bd6f481c0ca2ba4618f2e800N.exe
Size

216KB
Sample

240723-ewq75sxfmj
MD5

63bf82b7bd6f481c0ca2ba4618f2e800
SHA1

8c4b139e9bbba1aa4da71e96aa434643e9e9f7df
SHA256

2073c59a323a901cf607b310b15125ef457e8c8c7fda2dce33c93f7bdd92aff3
SHA512

8acff7ef8a861f28469100357aee9e6677c5544f1d200c64d3f8cbea6cb174b6ce57d810cb6ea01cd6b0326d251f7f843b2d41606bb6f235bf3d404bb5a71b65
SSDEEP

3072:mv+htWMtf+7GZYGVA2QJgi8xJLDoUPJEeUFMskH3dJV4CJruNs0:4EGqZYGVd82PDNEzFMXH3df1Jr30

Score

10^/10

fatalrat sality backdoor evasion infostealer rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

63bf82b7bd6f481c0ca2ba4618f2e800N.exe

Resource

win7-20240708-en

fatalrat sality backdoor evasion infostealer rat trojan upx

windows7-x64

17 signatures

120 seconds

Behavioral task

behavioral2

Sample

63bf82b7bd6f481c0ca2ba4618f2e800N.exe

Resource

win10v2004-20240709-en

fatalrat sality backdoor evasion infostealer rat trojan upx

windows10-2004-x64

17 signatures

120 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  63bf82b7bd6f481c0ca2ba4618f2e800N.exe
- Size
  
  216KB
- MD5
  
  63bf82b7bd6f481c0ca2ba4618f2e800
- SHA1
  
  8c4b139e9bbba1aa4da71e96aa434643e9e9f7df
- SHA256
  
  2073c59a323a901cf607b310b15125ef457e8c8c7fda2dce33c93f7bdd92aff3
- SHA512
  
  8acff7ef8a861f28469100357aee9e6677c5544f1d200c64d3f8cbea6cb174b6ce57d810cb6ea01cd6b0326d251f7f843b2d41606bb6f235bf3d404bb5a71b65
- SSDEEP
  
  3072:mv+htWMtf+7GZYGVA2QJgi8xJLDoUPJEeUFMskH3dJV4CJruNs0:4EGqZYGVd82PDNEzFMXH3df1Jr30
Score

10^/10

fatalrat sality backdoor evasion infostealer rat trojan upx
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Fatal Rat payload
  rat infostealer
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratsalitybackdoorevasioninfostealerrattrojanupx

behavioral2

fatalratsalitybackdoorevasioninfostealerrattrojanupx

© 2018-2024

Terms | Privacy