fatalrat | d5f1a67929e16bc93f8f1b889bfa38fdf4236391319b2fc9682aff365124cc2b | Triage

Sharing

General

Target

d5f1a67929e16bc93f8f1b889bfa38fdf4236391319b2fc9682aff365124cc2b
Size

3.5MB
Sample

240910-e92wssxckk
MD5

5ade654e7a7ec8bf2d39d3fc93347e36
SHA1

166cad52099199c90d1f60cfbcb06c3ac5c771a8
SHA256

d5f1a67929e16bc93f8f1b889bfa38fdf4236391319b2fc9682aff365124cc2b
SHA512

f94094e15d8ed2e5af115a21f4fd79adef3bfb0fcd392c15d1034e69cd662a443fe94fd3064eca28208cae5aec923c94cfef7d44f48a8375cd8d882799d3196d
SSDEEP

98304:P0e6mnKhq9X8sAicJFvl6zG6lzhZgGx3RPboGmDNiMdS:PB6B4X8b3FV6lzzgGDfmDNY

Score

10^/10

fatalrat discovery evasion infostealer persistence rat trojan

Malware Config

Targets

- Target
  
  uyd.exe
- Size
  
  5.6MB
- MD5
  
  2295488c4b91a2e19e098945b5d52bf7
- SHA1
  
  2b2c51cf640e158b9a811bb520e1d5f0844ea021
- SHA256
  
  41bd610f99dfe3d52e864906ea891f2df5f4072726591697bfc678bfa26ecd69
- SHA512
  
  b47bab5f79d64eaaa6dea25cc6d69dc1aca6fd8ca39dc7813660eb20df2d592fdbf28b8671e01a0f0cbc388ed638aae397bbe056a926cc1dda8d0ff8611e02a4
- SSDEEP
  
  98304:JJIK4qnhD6HBnpg5negdwSfeP6cBMGZ7lo+H3FtoqFZojg1:JJIKtmpg9ASfeP6ceYH3FtoqFOQ
Score

10^/10

fatalrat discovery evasion infostealer persistence rat trojan
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratdiscoveryevasioninfostealerpersistencerattrojan

behavioral2

fatalratdiscoveryevasioninfostealerpersistencerattrojan