fatalrat | 5ef0131d1445258625224b6ee49268f16bfe03a15f97fd8473b9ecbc38ea802f | Triage

Submit
Reports

Overview

overview

Static

static

7

5ef0131d14...2f.exe

windows7-x64

5ef0131d14...2f.exe

windows10-2004-x64

Sharing

General

Target

5ef0131d1445258625224b6ee49268f16bfe03a15f97fd8473b9ecbc38ea802f
Size

10.9MB
Sample

240909-zsjzwazcpn
MD5

b7b3b56cc4868d64951511b2957adc66
SHA1

33a15e22a77d40260248d9e95aad7ae6fb271867
SHA256

5ef0131d1445258625224b6ee49268f16bfe03a15f97fd8473b9ecbc38ea802f
SHA512

218f7e0fd67a7b720286634bf17dbca9085b1b0afec9bb8fe6693448c48b9f4d8ef2e8f9560f961342032c3e0fb15141b9e996319c71f58b9f9c2a285bcfce35
SSDEEP

196608:CTPlhubFtjfiQQBl1t9ucQrsF5GnEyoMWqvfPjaeI1RI01fANYe4:Gui/Bl1CcQrsF5GnEyoMW42eI17FZ

Score

10^/10

fatalrat discovery infostealer persistence rat upx vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5ef0131d1445258625224b6ee49268f16bfe03a15f97fd8473b9ecbc38ea802f.exe

Resource

win7-20240903-en

fatalrat discovery infostealer persistence rat upx vmprotect

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

5ef0131d1445258625224b6ee49268f16bfe03a15f97fd8473b9ecbc38ea802f.exe

Resource

win10v2004-20240802-en

fatalrat discovery infostealer persistence rat upx vmprotect

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  5ef0131d1445258625224b6ee49268f16bfe03a15f97fd8473b9ecbc38ea802f
- Size
  
  10.9MB
- MD5
  
  b7b3b56cc4868d64951511b2957adc66
- SHA1
  
  33a15e22a77d40260248d9e95aad7ae6fb271867
- SHA256
  
  5ef0131d1445258625224b6ee49268f16bfe03a15f97fd8473b9ecbc38ea802f
- SHA512
  
  218f7e0fd67a7b720286634bf17dbca9085b1b0afec9bb8fe6693448c48b9f4d8ef2e8f9560f961342032c3e0fb15141b9e996319c71f58b9f9c2a285bcfce35
- SSDEEP
  
  196608:CTPlhubFtjfiQQBl1t9ucQrsF5GnEyoMWqvfPjaeI1RI01fANYe4:Gui/Bl1CcQrsF5GnEyoMW42eI17FZ
Score

10^/10

fatalrat discovery infostealer persistence rat upx vmprotect
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratdiscoveryinfostealerpersistenceratupxvmprotect

behavioral2

fatalratdiscoveryinfostealerpersistenceratupxvmprotect

© 2018-2024

Terms | Privacy