General

  • Target

    977c2c64d9fab63868834f7608f1aaf9c5f2b9eed37405964791f94f54589f95.exe

  • Size

    2.3MB

  • Sample

    240726-e94emazeqa

  • MD5

    03ba96beafa71789414d0c9ed40c41ad

  • SHA1

    4e6826256eb92f7b9b106e31b9c1619559d535fa

  • SHA256

    977c2c64d9fab63868834f7608f1aaf9c5f2b9eed37405964791f94f54589f95

  • SHA512

    7e1ffeb5df7d30e1f70dac8d3aaf6ec9e89bc45af459c8272bf3ed37bb2a91e10664a2d13a0126fc3a95defc5323cdd5ed9080908be91c6d25806ef26651d82d

  • SSDEEP

    49152:/zwkuPNZCkLOVtOk5qwqDJg3yw/JhBnLtxhA6v/e33g:8TrLObO9QxpvA6vv

Malware Config

Targets

    • Target

      977c2c64d9fab63868834f7608f1aaf9c5f2b9eed37405964791f94f54589f95.exe

    • FatalRat

      FatalRat is a modular infostealer family written in C++, first appearing in June 2021.

    • Fatal Rat payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks
