General

  • Target

    977c2c64d9fab63868834f7608f1aaf9c5f2b9eed37405964791f94f54589f95.exe

  • Size

    2.3MB

  • Sample

    240726-e94emazeqa

  • MD5

    03ba96beafa71789414d0c9ed40c41ad

  • SHA1

    4e6826256eb92f7b9b106e31b9c1619559d535fa

  • SHA256

    977c2c64d9fab63868834f7608f1aaf9c5f2b9eed37405964791f94f54589f95

  • SHA512

    7e1ffeb5df7d30e1f70dac8d3aaf6ec9e89bc45af459c8272bf3ed37bb2a91e10664a2d13a0126fc3a95defc5323cdd5ed9080908be91c6d25806ef26651d82d

  • SSDEEP

    49152:/zwkuPNZCkLOVtOk5qwqDJg3yw/JhBnLtxhA6v/e33g:8TrLObO9QxpvA6vv

Malware Config

Targets

    • Target

      977c2c64d9fab63868834f7608f1aaf9c5f2b9eed37405964791f94f54589f95.exe

    • Size

      2.3MB

    • MD5

      03ba96beafa71789414d0c9ed40c41ad

    • SHA1

      4e6826256eb92f7b9b106e31b9c1619559d535fa

    • SHA256

      977c2c64d9fab63868834f7608f1aaf9c5f2b9eed37405964791f94f54589f95

    • SHA512

      7e1ffeb5df7d30e1f70dac8d3aaf6ec9e89bc45af459c8272bf3ed37bb2a91e10664a2d13a0126fc3a95defc5323cdd5ed9080908be91c6d25806ef26651d82d

    • SSDEEP

      49152:/zwkuPNZCkLOVtOk5qwqDJg3yw/JhBnLtxhA6v/e33g:8TrLObO9QxpvA6vv

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

    • Fatal Rat payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks