General

  • Target

    18893733337.zip

  • Size

    43.6MB

  • Sample

    240910-y891kavfjd

  • MD5

    856781e26d7662ded626046284a16e39

  • SHA1

    ad757a2eb8ef653a265c61d902eb3bb893d434ce

  • SHA256

    fee4bc48a833facbde77aeb03320697fe7a1e54d633f6d9f157cf994b2a405f1

  • SHA512

    0aa0dbfab1454db1b1cecb107cacf64b5c1e021f5590d5fb76061783d59bff0d582841f9c5383dbbd55057dc20fdfd54a750eafc034269eb37feeab4fff86a92

  • SSDEEP

    786432:eS2/6b28dfN90mcjS78WqrgrOiS2AF2vtAqamm6TOYh+88Plh3rLB/msbQj:Uib28dV90mcjaQ72+XmmM2j3rLBnQj

Malware Config

Targets

    • Target

      d348b2fd315d69bb969cd00d30f1f11eeb45656e4e429e6555eebdd5a566e5b2

    • Size

      45.4MB

    • MD5

      b548cd27d7cc4d966305c2fc5c0ee5e1

    • SHA1

      2f116d9e09a8796c040abe8ca5f6637e1110ea8c

    • SHA256

      d348b2fd315d69bb969cd00d30f1f11eeb45656e4e429e6555eebdd5a566e5b2

    • SHA512

      8f5ec981769a44575f215fe53b58b4c6522efa98bfd7eb409ca166cd1dca766fc5f6f8af04ec9d3ace3ad1b54b3ad62612e8a599840161ff685c001aab32c086

    • SSDEEP

      786432:1ELiyuxCaAPkt69LZSq5EfJ9WEH9aSeLHDKsn3MoNh2Z51JbY+R4+pjRxt7iQetk:1EiEaAW6FZSqSWs9aSeLHDWk2Z5O+fxX

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

    • Fatal Rat payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Modifies file permissions

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks