Overview

overview

10

Static

static

7

letsvpn-latest.exe

windows7-x64

10

letsvpn-latest.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    letsvpn-latest.exe.vir

  • Size

    15.1MB

  • Sample

    240807-rzf8kataka

  • MD5

    9955837b547b049e589b4c6bcb663b3d

  • SHA1

    1547ee7757789f420268245adae70f6224548515

  • SHA256

    d972127893bdc4523b0f63ca4f8a3d55db64a52a86dcae0db523f339f4d0a723

  • SHA512

    31cf10306d5e1ea2f7beed8a1718fbbcb08b4a1965a93ab78716c5f7e06fa04772288c37a36340098fdd1b9a15cbfe164df0b30f4c796326e56cb814661e1d6d

  • SSDEEP

    393216:hVhKO2IhWbf5F7Dt5KOZAMIXVyZtXrBuMgpx1W+k0yn:hf2Iy5F7DmOCMPtBuPzW+kn

Score
10/10
fatalrataspackv2discoveryevasioninfostealerpersistencerattrojanupx

Malware Config

Targets

    • Target

      letsvpn-latest.exe.vir

    • Size

      15.1MB

    • MD5

      9955837b547b049e589b4c6bcb663b3d

    • SHA1

      1547ee7757789f420268245adae70f6224548515

    • SHA256

      d972127893bdc4523b0f63ca4f8a3d55db64a52a86dcae0db523f339f4d0a723

    • SHA512

      31cf10306d5e1ea2f7beed8a1718fbbcb08b4a1965a93ab78716c5f7e06fa04772288c37a36340098fdd1b9a15cbfe164df0b30f4c796326e56cb814661e1d6d

    • SSDEEP

      393216:hVhKO2IhWbf5F7Dt5KOZAMIXVyZtXrBuMgpx1W+k0yn:hf2Iy5F7DmOCMPtBuPzW+kn

    Score
    10/10
    fatalrataspackv2discoveryevasioninfostealerpersistencerattrojanupx

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

      infostealerratfatalrat

    • Fatal Rat payload

      ratinfostealer

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks