fatalrat | 9f0c27a05bc7592264aefca57d4c30590aba2bbe26391ff2b50ff6bb53d913d9 | Triage

Submit
Reports

Overview

overview

Static

static

7

9f0c27a05b...d9.exe

windows7-x64

9f0c27a05b...d9.exe

windows10-2004-x64

Sharing

General

Target

9f0c27a05bc7592264aefca57d4c30590aba2bbe26391ff2b50ff6bb53d913d9
Size

383KB
Sample

240924-xmp8lasglh
MD5

4a9a0c4f455d6a215234c6ef259e3c2d
SHA1

c8f6a3972d885bcd8a4781afb3fc53f73bc0142f
SHA256

9f0c27a05bc7592264aefca57d4c30590aba2bbe26391ff2b50ff6bb53d913d9
SHA512

dd83feb15900e63e99b9ec3dbd6ec5f0921966b54fd392998dda5c611c07040f017548fe35f4b4da1603853b6e1ff72609b1aeb06f786ebc45c0cf7564a799b2
SSDEEP

6144:q/hjpmUgOdFm3C5wT007OB1qbxLJpVEKs+f5+tO0rCxtAURYwpgXavw4/kiUj:qZjpmUgSe2wTE6bVEKsUDH1R7prUj

Score

10^/10

fatalrat aspackv2 discovery infostealer rat vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9f0c27a05bc7592264aefca57d4c30590aba2bbe26391ff2b50ff6bb53d913d9.exe

Resource

win7-20240708-en

fatalrat discovery infostealer rat vmprotect

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

9f0c27a05bc7592264aefca57d4c30590aba2bbe26391ff2b50ff6bb53d913d9.exe

Resource

win10v2004-20240802-en

fatalrat discovery infostealer rat vmprotect

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  9f0c27a05bc7592264aefca57d4c30590aba2bbe26391ff2b50ff6bb53d913d9
- Size
  
  383KB
- MD5
  
  4a9a0c4f455d6a215234c6ef259e3c2d
- SHA1
  
  c8f6a3972d885bcd8a4781afb3fc53f73bc0142f
- SHA256
  
  9f0c27a05bc7592264aefca57d4c30590aba2bbe26391ff2b50ff6bb53d913d9
- SHA512
  
  dd83feb15900e63e99b9ec3dbd6ec5f0921966b54fd392998dda5c611c07040f017548fe35f4b4da1603853b6e1ff72609b1aeb06f786ebc45c0cf7564a799b2
- SSDEEP
  
  6144:q/hjpmUgOdFm3C5wT007OB1qbxLJpVEKs+f5+tO0rCxtAURYwpgXavw4/kiUj:qZjpmUgSe2wTE6bVEKsUDH1R7prUj
Score

10^/10

fatalrat discovery infostealer rat vmprotect
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratdiscoveryinfostealerratvmprotect

behavioral2

fatalratdiscoveryinfostealerratvmprotect

© 2018-2024

Terms | Privacy