fatalrat | c8db951a277b0199727beae0fe2d1435ee02f069701c11a918d4fd2e15a4df45 | Triage

Submit
Reports

Overview

overview

Static

static

7

c8db951a27...45.exe

windows7-x64

c8db951a27...45.exe

windows10-2004-x64

Sharing

General

Target

c8db951a277b0199727beae0fe2d1435ee02f069701c11a918d4fd2e15a4df45
Size

10.7MB
Sample

240925-lxyryayflm
MD5

2248f14cf650313603c4601778b17e3b
SHA1

853fbe5b8701e6889c4f4c067d44c9a578760e4b
SHA256

c8db951a277b0199727beae0fe2d1435ee02f069701c11a918d4fd2e15a4df45
SHA512

3f88dedad08cca7fa7e2c248a1cd19cfbefdaba677ea5672a017af49670ae46facf6636ec58491e95842befaca77d10c64bc2a85e506303707457245a2f049c4
SSDEEP

196608:Uh5t02WoPZeUzV5CL8VS9HfAaDbjj2aL7cOfZRtWqQPW:e5t0o4U3VuoaH2aXbYZP

Score

10^/10

fatalrat discovery infostealer persistence rat upx vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c8db951a277b0199727beae0fe2d1435ee02f069701c11a918d4fd2e15a4df45.exe

Resource

win7-20240704-en

fatalrat discovery infostealer persistence rat upx vmprotect

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

c8db951a277b0199727beae0fe2d1435ee02f069701c11a918d4fd2e15a4df45.exe

Resource

win10v2004-20240802-en

fatalrat discovery infostealer persistence rat upx vmprotect

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  c8db951a277b0199727beae0fe2d1435ee02f069701c11a918d4fd2e15a4df45
- Size
  
  10.7MB
- MD5
  
  2248f14cf650313603c4601778b17e3b
- SHA1
  
  853fbe5b8701e6889c4f4c067d44c9a578760e4b
- SHA256
  
  c8db951a277b0199727beae0fe2d1435ee02f069701c11a918d4fd2e15a4df45
- SHA512
  
  3f88dedad08cca7fa7e2c248a1cd19cfbefdaba677ea5672a017af49670ae46facf6636ec58491e95842befaca77d10c64bc2a85e506303707457245a2f049c4
- SSDEEP
  
  196608:Uh5t02WoPZeUzV5CL8VS9HfAaDbjj2aL7cOfZRtWqQPW:e5t0o4U3VuoaH2aXbYZP
Score

10^/10

fatalrat discovery infostealer persistence rat upx vmprotect
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratdiscoveryinfostealerpersistenceratupxvmprotect

behavioral2

fatalratdiscoveryinfostealerpersistenceratupxvmprotect

© 2018-2024

Terms | Privacy