General
Target: 18893733337.zip
Size: 43.6MB
Sample: 240910-y891kavfjd
MD5: 856781e26d7662ded626046284a16e39
SHA1: ad757a2eb8ef653a265c61d902eb3bb893d434ce
SHA256: fee4bc48a833facbde77aeb03320697fe7a1e54d633f6d9f157cf994b2a405f1
SHA512: 0aa0dbfab1454db1b1cecb107cacf64b5c1e021f5590d5fb76061783d59bff0d582841f9c5383dbbd55057dc20fdfd54a750eafc034269eb37feeab4fff86a92
SSDEEP: 786432:eS2/6b28dfN90mcjS78WqrgrOiS2AF2vtAqamm6TOYh+88Plh3rLB/msbQj:Uib28dV90mcjaQ72+XmmM2j3rLBnQj
Static task: static1
Behavioral task: behavioral1
  Sample: d348b2fd315d69bb969cd00d30f1f11eeb45656e4e429e6555eebdd5a566e5b2.msi
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d348b2fd315d69bb969cd00d30f1f11eeb45656e4e429e6555eebdd5a566e5b2.msi
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: d348b2fd315d69bb969cd00d30f1f11eeb45656e4e429e6555eebdd5a566e5b2
Size: 45.4MB
MD5: b548cd27d7cc4d966305c2fc5c0ee5e1
SHA1: 2f116d9e09a8796c040abe8ca5f6637e1110ea8c
SHA256: d348b2fd315d69bb969cd00d30f1f11eeb45656e4e429e6555eebdd5a566e5b2
SHA512: 8f5ec981769a44575f215fe53b58b4c6522efa98bfd7eb409ca166cd1dca766fc5f6f8af04ec9d3ace3ad1b54b3ad62612e8a599840161ff685c001aab32c086
SSDEEP: 786432:1ELiyuxCaAPkt69LZSq5EfJ9WEH9aSeLHDKsn3MoNh2Z51JbY+R4+pjRxt7iQetk:1EiEaAW6FZSqSWs9aSeLHDWk2Z5O+fxX
Signatures
FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
Fatal Rat payload
ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
Modifies file permissions
Adds Run key to start application
Blocklisted process makes network request
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Installer Packages (1)
  Pre-OS Boot (1)
    Bootkit (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Installer Packages (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Defense Evasion
  File and Directory Permissions Modification (1)
  Modify Registry (4)
  Pre-OS Boot (1)
    Bootkit (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
  System Binary Proxy Execution (1)
    Msiexec (1)