Overview

overview

10

Static

static

3

win32quickq.exe

windows7-x64

10

win32quickq.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    win32quickq.exe.v

  • Size

    98.7MB

  • Sample

    240907-vacevstejn

  • MD5

    274b5005729ff3ca3a84bdde29ed25df

  • SHA1

    10ced7c4d0e30cc4c778c2b6f699d0da15634785

  • SHA256

    4f45fa1686e9ded78d6b3f2ea6d7f21a92f09be8af2f0f4bebff992ee4e4d74b

  • SHA512

    7ea1c9e10cdc609590db8301feb78bea0225be0412a4d31c9d286d152a8b6b1ae4e11068838a23621e744e7e4c16999a9b144c549f5878ecb71ef0aa74383f69

  • SSDEEP

    3145728:nHFnG0mmO2y9E/IVswt2FKgFeCmn8b7OEzw:HL60as5YgtFmEz

Score
10/10
fatalratdiscoveryevasioninfostealerpersistencerattrojan

Malware Config

Targets

    • Target

      win32quickq.exe.v

    • Size

      98.7MB

    • MD5

      274b5005729ff3ca3a84bdde29ed25df

    • SHA1

      10ced7c4d0e30cc4c778c2b6f699d0da15634785

    • SHA256

      4f45fa1686e9ded78d6b3f2ea6d7f21a92f09be8af2f0f4bebff992ee4e4d74b

    • SHA512

      7ea1c9e10cdc609590db8301feb78bea0225be0412a4d31c9d286d152a8b6b1ae4e11068838a23621e744e7e4c16999a9b144c549f5878ecb71ef0aa74383f69

    • SSDEEP

      3145728:nHFnG0mmO2y9E/IVswt2FKgFeCmn8b7OEzw:HL60as5YgtFmEz

    Score
    10/10
    fatalratdiscoveryevasioninfostealerpersistencerattrojan

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

      infostealerratfatalrat

    • Fatal Rat payload

      ratinfostealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks