fatalrat | 71fee022f7b439f7f45e1b6b5f6571a27617ee011f417670bc1018dc9a579346 | Triage

Submit
Reports

Overview

overview

Static

static

3

win32-quickq_1.exe

windows7-x64

win32-quickq_1.exe

windows10-2004-x64

Sharing

General

Target

win32-quickq_1.exe.v
Size

99.0MB
Sample

241002-kcvzwawfnm
MD5

c6b7c0ad548155f7ef394b81f2a3f22a
SHA1

89bb68b5ef1f31b54c6c8ed0b9044705c53aae0d
SHA256

71fee022f7b439f7f45e1b6b5f6571a27617ee011f417670bc1018dc9a579346
SHA512

6f0c54c43c395a4501e314af5bbc92cd149bdd8a5e1874e130b331ddc4bd52b65320b8f7d489ed50b53f10c891054910d0e9f265835348e292cc0948d04c8716
SSDEEP

3145728:nHQoAe5KrdHxK5JhACGufBbPSTnvTo5e+DZt:HQJMf+CZBP6MbDZ

Score

10^/10

fatalrat aspackv2 discovery evasion infostealer persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

win32-quickq_1.exe

Resource

win7-20240903-en

fatalrat aspackv2 discovery evasion infostealer persistence rat trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

win32-quickq_1.exe

Resource

win10v2004-20240802-en

fatalrat aspackv2 discovery evasion infostealer persistence rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  win32-quickq_1.exe.v
- Size
  
  99.0MB
- MD5
  
  c6b7c0ad548155f7ef394b81f2a3f22a
- SHA1
  
  89bb68b5ef1f31b54c6c8ed0b9044705c53aae0d
- SHA256
  
  71fee022f7b439f7f45e1b6b5f6571a27617ee011f417670bc1018dc9a579346
- SHA512
  
  6f0c54c43c395a4501e314af5bbc92cd149bdd8a5e1874e130b331ddc4bd52b65320b8f7d489ed50b53f10c891054910d0e9f265835348e292cc0948d04c8716
- SSDEEP
  
  3145728:nHQoAe5KrdHxK5JhACGufBbPSTnvTo5e+DZt:HQJMf+CZBP6MbDZ
Score

10^/10

fatalrat aspackv2 discovery evasion infostealer persistence rat trojan
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalrataspackv2discoveryevasioninfostealerpersistencerattrojan

behavioral2

fatalrataspackv2discoveryevasioninfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy