fatalrat | 39b2cc1250ca006a0fcb074b94e6b89029e454acb7bc085b9333da09c63e1030 | Triage

Submit
Reports

Overview

overview

Static

static

7

win32-quickq.exe

windows7-x64

win32-quickq.exe

windows10-2004-x64

Sharing

General

Target

win32-quickq.exe.vir
Size

102.7MB
Sample

240825-msr92azenc
MD5

399a4390ba9dc2d00eb1c7d1d143176a
SHA1

06ff13f49fcc98d4c3a89e7e9cde9dac482b3e0d
SHA256

39b2cc1250ca006a0fcb074b94e6b89029e454acb7bc085b9333da09c63e1030
SHA512

a536662b27d5959c83ab6124d2eb389fcf08af4207266138bf30a41fc99b8e25f5d42aa55a763f6ed672ca5fa604af7db2de42bfecc81017973f56fe0f7ae749
SSDEEP

3145728:zQbSJeWQ4vr+jQBlFiNUduBtPER5FHTAyCXu3:zQ+osrYNrrPiRWXu

Score

10^/10

fatalrat discovery evasion infostealer persistence rat trojan upx vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

win32-quickq.exe

Resource

win7-20240704-en

fatalrat discovery evasion infostealer persistence rat trojan upx vmprotect

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

win32-quickq.exe

Resource

win10v2004-20240802-en

fatalrat discovery evasion infostealer persistence rat trojan upx vmprotect

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  win32-quickq.exe.vir
- Size
  
  102.7MB
- MD5
  
  399a4390ba9dc2d00eb1c7d1d143176a
- SHA1
  
  06ff13f49fcc98d4c3a89e7e9cde9dac482b3e0d
- SHA256
  
  39b2cc1250ca006a0fcb074b94e6b89029e454acb7bc085b9333da09c63e1030
- SHA512
  
  a536662b27d5959c83ab6124d2eb389fcf08af4207266138bf30a41fc99b8e25f5d42aa55a763f6ed672ca5fa604af7db2de42bfecc81017973f56fe0f7ae749
- SSDEEP
  
  3145728:zQbSJeWQ4vr+jQBlFiNUduBtPER5FHTAyCXu3:zQ+osrYNrrPiRWXu
Score

10^/10

fatalrat discovery evasion infostealer persistence rat trojan upx vmprotect
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratdiscoveryevasioninfostealerpersistencerattrojanupxvmprotect

behavioral2

fatalratdiscoveryevasioninfostealerpersistencerattrojanupxvmprotect

© 2018-2024

Terms | Privacy