General

  • Target

    LisectAVT_2403002A_363.exe

  • Size

    7.6MB

  • Sample

    240725-ap7t4azbkh

  • MD5

    22b431d06ffbd17f49894fb5a8d708e1

  • SHA1

    0ffd16b2b439648da1cceca617e8d629c7905e8e

  • SHA256

    1484dbb7df09d9c16a2f90477c0d19636c1aa472bb15fc7bd5504fa2cf59d6ee

  • SHA512

    51c90a0bb6e269654cb7d95dd865b0fc196ce7b945d5e2cc5bea0c104863ce15e90d1e2969bf589ec7222a9111317cd1c8c4bff378b42fea62df270fde5de0fe

  • SSDEEP

    196608:w5LIRiAsLXsRZj62vvoVLp7YuLNxr7mFCpp3FjbA9:cYsrsRZj62X4EE7pl9A9

Malware Config

Targets

    • Target

      LisectAVT_2403002A_363.exe

    • Size

      7.6MB

    • MD5

      22b431d06ffbd17f49894fb5a8d708e1

    • SHA1

      0ffd16b2b439648da1cceca617e8d629c7905e8e

    • SHA256

      1484dbb7df09d9c16a2f90477c0d19636c1aa472bb15fc7bd5504fa2cf59d6ee

    • SHA512

      51c90a0bb6e269654cb7d95dd865b0fc196ce7b945d5e2cc5bea0c104863ce15e90d1e2969bf589ec7222a9111317cd1c8c4bff378b42fea62df270fde5de0fe

    • SSDEEP

      196608:w5LIRiAsLXsRZj62vvoVLp7YuLNxr7mFCpp3FjbA9:cYsrsRZj62X4EE7pl9A9

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

    • Fatal Rat payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Enterprise v15

Tasks