Overview

overview

10

Static

static

3

win32-quickq.exe

windows7-x64

7

win32-quickq.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    win32-quickq.exe.v

  • Size

    102.7MB

  • Sample

    240921-v6694svbpd

  • MD5

    6cc7d1e2dd43c1ce2c40add01bba5f10

  • SHA1

    2e7a05e6ac9b0c030fe1b3e0326d550588c926a4

  • SHA256

    5c8ebbfd58f88816efd7c92843468d800f6607d2a80c913042ec33edf878c597

  • SHA512

    9237bedfe998036210a5a52227b715ab1d24edc7de477bde4f5f72fab10dc6003551b6c82ced77b2a9c636e3409f906ab94dd67b818c91b7eb737b1332eee707

  • SSDEEP

    3145728:nHJBbXVSMpO5rZ2AH+FuiHtGkrvCwyxNAGWp/:H/2tDeF5gk29vWp

Score
10/10
fatalratdiscoveryevasioninfostealerpersistencerattrojan

Malware Config

Targets

    • Target

      win32-quickq.exe.v

    • Size

      102.7MB

    • MD5

      6cc7d1e2dd43c1ce2c40add01bba5f10

    • SHA1

      2e7a05e6ac9b0c030fe1b3e0326d550588c926a4

    • SHA256

      5c8ebbfd58f88816efd7c92843468d800f6607d2a80c913042ec33edf878c597

    • SHA512

      9237bedfe998036210a5a52227b715ab1d24edc7de477bde4f5f72fab10dc6003551b6c82ced77b2a9c636e3409f906ab94dd67b818c91b7eb737b1332eee707

    • SSDEEP

      3145728:nHJBbXVSMpO5rZ2AH+FuiHtGkrvCwyxNAGWp/:H/2tDeF5gk29vWp

    Score
    10/10
    discoveryevasionpersistencetrojanfatalratinfostealerrat

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

      infostealerratfatalrat

    • Fatal Rat payload

      ratinfostealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks