fatalrat | e0d120a8531678873042819943250b8cc82a04b946118302d4f04d55130b95e4 | Triage

Submit
Reports

Overview

overview

Static

static

7

e0d120a853...e4.exe

windows7-x64

e0d120a853...e4.exe

windows10-2004-x64

Sharing

General

Target

e0d120a8531678873042819943250b8cc82a04b946118302d4f04d55130b95e4
Size

379KB
Sample

240923-mxqa8svdpq
MD5

66ad00df10cbb00ae7dcb38f3c412bb4
SHA1

b9b22360faf85e91cdb1500415a85eca2d8c7e41
SHA256

e0d120a8531678873042819943250b8cc82a04b946118302d4f04d55130b95e4
SHA512

de5bf09ece28cbd45f5550db6b9ea5f906e652b8d65c2ddf9a6625626014163f835df4a5151a0061225941c563ceb4152a40284c0137d6badcd79b35a6776dac
SSDEEP

6144:xGSYcKfv25NCNBV337J1Cx3oqYejzJ0+4oTEygP8W3H3AtKdM+pOMDfQZKNBsAAM:cSYcev2Cb97Mo8d02TEyg0w0CTpOMDfp

Score

10^/10

fatalrat aspackv2 discovery infostealer rat vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e0d120a8531678873042819943250b8cc82a04b946118302d4f04d55130b95e4.exe

Resource

win7-20240903-en

fatalrat discovery infostealer rat vmprotect

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

e0d120a8531678873042819943250b8cc82a04b946118302d4f04d55130b95e4.exe

Resource

win10v2004-20240802-en

fatalrat discovery infostealer rat vmprotect

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  e0d120a8531678873042819943250b8cc82a04b946118302d4f04d55130b95e4
- Size
  
  379KB
- MD5
  
  66ad00df10cbb00ae7dcb38f3c412bb4
- SHA1
  
  b9b22360faf85e91cdb1500415a85eca2d8c7e41
- SHA256
  
  e0d120a8531678873042819943250b8cc82a04b946118302d4f04d55130b95e4
- SHA512
  
  de5bf09ece28cbd45f5550db6b9ea5f906e652b8d65c2ddf9a6625626014163f835df4a5151a0061225941c563ceb4152a40284c0137d6badcd79b35a6776dac
- SSDEEP
  
  6144:xGSYcKfv25NCNBV337J1Cx3oqYejzJ0+4oTEygP8W3H3AtKdM+pOMDfQZKNBsAAM:cSYcev2Cb97Mo8d02TEyg0w0CTpOMDfp
Score

10^/10

fatalrat discovery infostealer rat vmprotect
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratdiscoveryinfostealerratvmprotect

behavioral2

fatalratdiscoveryinfostealerratvmprotect

© 2018-2024

Terms | Privacy