General

  • Target

    fee4bc48a833facbde77aeb03320697fe7a1e54d633f6d9f157cf994b2a405f1

  • Size

    43.6MB

  • Sample

    240911-makr8swajc

  • MD5

    856781e26d7662ded626046284a16e39

  • SHA1

    ad757a2eb8ef653a265c61d902eb3bb893d434ce

  • SHA256

    fee4bc48a833facbde77aeb03320697fe7a1e54d633f6d9f157cf994b2a405f1

  • SHA512

    0aa0dbfab1454db1b1cecb107cacf64b5c1e021f5590d5fb76061783d59bff0d582841f9c5383dbbd55057dc20fdfd54a750eafc034269eb37feeab4fff86a92

  • SSDEEP

    786432:eS2/6b28dfN90mcjS78WqrgrOiS2AF2vtAqamm6TOYh+88Plh3rLB/msbQj:Uib28dV90mcjaQ72+XmmM2j3rLBnQj
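Worked example, added here and not part of the original report: a small script that hashes a local copy of a sample in one streaming pass (the samples on this page are over 40 MB) and compares the digests against the MD5/SHA1/SHA256/SHA512 values listed for the two targets in this report. The digests in REPORT_HASHES are copied verbatim from the page; the byte strings used in the demonstration are constructed test data. The script flags a "partial" verdict separately from a "full" one, because a copy that agrees on MD5 or SHA1 but not on SHA256/SHA512 is either a tampered record or a collision against the weak digest and must not be treated as the same file.

```python
"""Verify a local file against the digests published in this sandbox report.

Added example, not the report's own tooling. REPORT_HASHES is copied from the
report; all other inputs in this file are constructed for demonstration.
"""
import hashlib
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests exactly as listed on the page (General target and Targets entry).
REPORT_HASHES = {
    "fee4bc48a833facbde77aeb03320697fe7a1e54d633f6d9f157cf994b2a405f1": {
        "md5": "856781e26d7662ded626046284a16e39",
        "sha1": "ad757a2eb8ef653a265c61d902eb3bb893d434ce",
        "sha256": "fee4bc48a833facbde77aeb03320697fe7a1e54d633f6d9f157cf994b2a405f1",
        "sha512": "0aa0dbfab1454db1b1cecb107cacf64b5c1e021f5590d5fb76061783d59bff0d"
                  "582841f9c5383dbbd55057dc20fdfd54a750eafc034269eb37feeab4fff86a92",
    },
    "d348b2fd315d69bb969cd00d30f1f11eeb45656e4e429e6555eebdd5a566e5b2": {
        "md5": "b548cd27d7cc4d966305c2fc5c0ee5e1",
        "sha1": "2f116d9e09a8796c040abe8ca5f6637e1110ea8c",
        "sha256": "d348b2fd315d69bb969cd00d30f1f11eeb45656e4e429e6555eebdd5a566e5b2",
        "sha512": "8f5ec981769a44575f215fe53b58b4c6522efa98bfd7eb409ca166cd1dca766f"
                  "c5f6f8af04ec9d3ace3ad1b54b3ad62612e8a599840161ff685c001aab32c086",
    },
}


def digest_stream(chunks):
    """Compute all four digests in a single pass over an iterable of byte chunks."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes):
    """Convenience wrapper for in-memory data (used by the tests below)."""
    return digest_stream([data])


def digest_file(path, chunk_size=1 << 20):
    """Hash a file of any size without loading it into memory."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def match_report(digests, report=REPORT_HASHES):
    """Return {target: verdict}; verdict is 'full' or 'partial', absent on no match.

    'partial' means some but not all algorithms agree. An untampered copy never
    produces this. Treat it as a corrupted/edited record or a deliberate
    collision against the weak digest (MD5 and SHA-1 are both collision-broken)
    and rely only on the SHA-256/SHA-512 comparison.
    """
    verdicts = {}
    for target, expected in report.items():
        agreeing = {a for a in ALGOS if digests.get(a, "").lower() == expected[a].lower()}
        if len(agreeing) == len(ALGOS):
            verdicts[target] = "full"
        elif agreeing:
            verdicts[target] = "partial"
    return verdicts


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        d = digest_file(Path(arg))
        print(arg, d["sha256"], match_report(d) or "no match")
```

Usage: `python verify_hashes.py sample.bin`. Note that the SSDEEP values on the page are fuzzy hashes and cannot be checked this way; they need an ssdeep comparison, which reports similarity rather than identity.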

Targets

    • Target

      d348b2fd315d69bb969cd00d30f1f11eeb45656e4e429e6555eebdd5a566e5b2

    • Size

      45.4MB

    • MD5

      b548cd27d7cc4d966305c2fc5c0ee5e1

    • SHA1

      2f116d9e09a8796c040abe8ca5f6637e1110ea8c

    • SHA256

      d348b2fd315d69bb969cd00d30f1f11eeb45656e4e429e6555eebdd5a566e5b2

    • SHA512

      8f5ec981769a44575f215fe53b58b4c6522efa98bfd7eb409ca166cd1dca766fc5f6f8af04ec9d3ace3ad1b54b3ad62612e8a599840161ff685c001aab32c086

    • SSDEEP

      786432:1ELiyuxCaAPkt69LZSq5EfJ9WEH9aSeLHDKsn3MoNh2Z51JbY+R4+pjRxt7iQetk:1EiEaAW6FZSqSWs9aSeLHDWk2Z5O+fxX

    • FatalRat

      FatalRat is a modular infostealer family written in C++ that first appeared in June 2021.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Fatal Rat payload

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.
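Worked example for the "UPX packed file" signature above, added here and not the sandbox's own detection logic: a stand-alone PE section-table parser that reports the classic UPX indicators (sections named UPX0/UPX1/UPX2, the "UPX!" marker, a UPX0 section with no raw data, and a high-entropy compressed section). The two PE images it operates on are constructed in memory by build_pe() as test fixtures; they are not the sample from this report. Section-name matching is what most signatures use, but it is trivially defeated by renaming the sections in a modified UPX build, which is why the entropy indicator is reported alongside it.

```python
"""Detect UPX-style packing from the PE section table.

Added example, not the sandbox's signature. The PE images below are
constructed fixtures, not the sample described in the report.
"""
import math
import struct
from collections import Counter

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data: bytes):
    """Parse the PE section table; return [(name, raw_offset, raw_size, characteristics)]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt                          # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(n_sections):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\0")
        _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        (chars,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name, raw_ptr, raw_size, chars))
    return sections


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def upx_indicators(data: bytes):
    secs = pe_sections(data)
    return {
        "upx_section_names": [s[0].decode("latin-1") for s in secs if s[0] in UPX_SECTION_NAMES],
        "upx_marker": b"UPX!" in data,
        # Classic layout: UPX0 is the empty unpack target, UPX1 holds the compressed image.
        "zero_raw_section": any(s[2] == 0 and s[0] in UPX_SECTION_NAMES for s in secs),
        "max_section_entropy": max((shannon_entropy(data[s[1]:s[1] + s[2]]) for s in secs if s[2]), default=0.0),
    }


def is_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_section_names"]) or ind["upx_marker"]


def build_pe(section_specs):
    """Construct a minimal PE32 image from [(name, raw_bytes)]. Test fixture only:
    the headers are just complete enough for pe_sections() to parse them."""
    e_lfanew, size_opt = 0x40, 0xE0
    n = len(section_specs)
    raw_ptr = (e_lfanew + 4 + 20 + size_opt + 40 * n + 0x1FF) & ~0x1FF   # 512-byte file alignment
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)
    table, body, vaddr = b"", b"", 0x1000
    for name, raw in section_specs:
        ptr = raw_ptr + len(body) if raw else 0
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", max(len(raw), 0x1000), vaddr, len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        body += raw
        vaddr += 0x1000
    image = dos + b"PE\0\0" + coff + opt + table
    return image + b"\0" * (raw_ptr - len(image)) + body


# Constructed fixtures: a UPX-style layout with a maximal-entropy payload, and a plain image.
PACKED_FIXTURE = build_pe([(b"UPX0", b""), (b"UPX1", b"UPX!" + bytes(range(256)) * 16), (b".rsrc", b"\0" * 512)])
PLAIN_FIXTURE = build_pe([(b".text", b"\x90" * 1024 + b"\xc3"), (b".data", b"\0" * 512)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED_FIXTURE), ("plain", PLAIN_FIXTURE)):
        print(label, is_upx_packed(img), upx_indicators(img))
```

Usage: replace the fixtures with `open(path, "rb").read()` on a real sample. A real UPX-packed file also still runs after `upx -d`, which is the quickest confirmation when the section names have been stripped.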
