fatalrat

General

Target

3x(24-10-15).zip
Size

9.3MB
Sample

241015-kbt17ayblp
MD5

dfb2c081de16080ffd45f92da4b305e3
SHA1

a248fb880059d4f0ced176fcd0ca6618c88e5b39
SHA256

98be2e4d783ddccbf3239f548458c7060947cc8d915aaf158674b122a12b6ded
SHA512

8ad88be1aa01c8dbe4f14df1ccff81583de8e3400cd8398c6ea47b1a30b93a7180c82775d010f27057ba0ddc3a9fd5f61d847fb321344d8ff238fe7166febf51
SSDEEP

196608:5EEIo/P94hxWK7Gjk8onYF8lsPJ5tRn2pVMm8CyOQ2TJ55p+AmW5b:KLYPQxztnM8lsh6VMm8z2TJ55RFb

Score

10^/10

Malware Config

Targets

- Target
  
  a.exe
- Size
  
  5.9MB
- MD5
  
  f074f20159b60e75acb793178416998a
- SHA1
  
  7d492801fff37f2f7449a88fb638584c6601841e
- SHA256
  
  bb6b5136b6ab6b7a93d87f9c130bc3ffd61a5e29d23a2758964bdcfec7e81862
- SHA512
  
  f94afd086753cd67ab93a3f9e4e2fff0fc45e232e6ae993ba141edf94c61a5bb355a8917010fed6a2b84f7722ee66be410a885b9634896cce9c2070b2c3d6fd8
- SSDEEP
  
  98304:2Espe45RHLneGJ3uqUYcPSuo8GEa48C0lZgGGFRk3WGKWLwsBBtEoECE:Wnnh3uqV/u5h8RZgGg/WtB
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  bypass_sandbox.exe
- Size
  
  110KB
- MD5
  
  4f075f1f89b5836854d62cc94e26f77a
- SHA1
  
  fbd613ecec8d4b2cf155b377709278598862dbf2
- SHA256
  
  fbfc767743b25c8b35b74fa868da1e735a8357c2125eb8f9076c2a5b8f1b28db
- SHA512
  
  d6ee132f6517b5c4c48678e063925e75d48d808303b0841d0aeb602cef7755bd6a71f715ef9482124ace3dec17bd30f52b83ed0a6b26b8bbe0d59770f9a01193
- SSDEEP
  
  1536:tyi2W+v2S75NhfZzWVFObG6BWYSQmIyOm9gppWfIrec6mmsWLfdU9dlhqlB:wh3Nh18sS6B1JmI5myppWee1mqsLqX
Score

1^/10
behavioral3 behavioral4
- Target
  
  名单助手PDF.exe
- Size
  
  6.3MB
- MD5
  
  3ac0bdbd6f5c90b94980e3559ae419f5
- SHA1
  
  6b01a0ced6191140830dcc8478f5a7a19d799fa5
- SHA256
  
  6dc0f4a97c3f5e12b4de8b3b2d74afe5298679604077a0a9d62ac479c4b24923
- SHA512
  
  14e9bbd5467f7e4f0aa9d69362a3763bb731c147a661ca4294d11a4704d58ca3b53f28023efbcc0051bc1c2518a917a12b9a64135b08abc4cded85676752846c
- SSDEEP
  
  98304:6YYX5YQmdT8PRv0J0hx09BSpKki9jBGrisYdMLU9V09DsL2qEKqjbS:piby94pFKjBGr97eLT
Score

10^/10

fatalrat discovery infostealer rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Fatal Rat payload

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6