Overview

overview

10

Static

static

3

win32-quickq.exe

windows7-x64

10

win32-quickq.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    win32-quickq.exe.v

  • Size

    98.8MB

  • Sample

    240910-f92fpsydrj

  • MD5

    84c5c0f072140a6f345e4673ae3d9cfd

  • SHA1

    cab780e0bc79ad5e30db288992d1e33ed285e012

  • SHA256

    c2d4be685a8d7c43049d0ed965418d0e2cf52f348c5b562244e62a2cf173b9a5

  • SHA512

    224f9576f25ea8f3b464a8bf138394e3f122f5d2204d7f9531907e3507defcb218e140393594ef4e1dd47791e13b12812a6a3aab9e5fdee3ba7fe10aeff344c4

  • SSDEEP

    3145728:nHhrbcP7qpNIcQKhJyGogndBMSjaT5GPUofj:HTtvTyUdBpc/of

Score
10/10
fatalratdiscoveryevasioninfostealerpersistencerattrojan

Malware Config

Targets

    • Target

      win32-quickq.exe.v

    • Size

      98.8MB

    • MD5

      84c5c0f072140a6f345e4673ae3d9cfd

    • SHA1

      cab780e0bc79ad5e30db288992d1e33ed285e012

    • SHA256

      c2d4be685a8d7c43049d0ed965418d0e2cf52f348c5b562244e62a2cf173b9a5

    • SHA512

      224f9576f25ea8f3b464a8bf138394e3f122f5d2204d7f9531907e3507defcb218e140393594ef4e1dd47791e13b12812a6a3aab9e5fdee3ba7fe10aeff344c4

    • SSDEEP

      3145728:nHhrbcP7qpNIcQKhJyGogndBMSjaT5GPUofj:HTtvTyUdBpc/of

    Score
    10/10
    fatalratdiscoveryevasioninfostealerpersistencerattrojan

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

      infostealerratfatalrat

    • Fatal Rat payload

      ratinfostealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks