fatalrat | 76a65ecfc54d6ef74020e0b9ab497a3abf7e1709c40cc071535cd4bae3c82783 | Triage

Sharing

General

Target

5x(24-10-24).zip
Size

24.9MB
Sample

241024-jsk9yavakp
MD5

72c113929b670b2d613371185091d18a
SHA1

3c31ec287bb40af5aba234ecc4d4a94016633535
SHA256

76a65ecfc54d6ef74020e0b9ab497a3abf7e1709c40cc071535cd4bae3c82783
SHA512

f4dde7e9c4b3595e64aec0b4e2f0941643a94de8a7c7f29e81e43fce33ce6aff2ce3054b42c9939290a11b88dc25c09b862760b25a18931dcbdb474ac7ca5e61
SSDEEP

393216:kxeZQwe9c0ny9NxOu8OZtTUM7XIlFXE2INiyoeqS/N+myqUm/v82bBPUCO:wnwe9tANxFJ7wE7Niped7yq/n80ZUh

Score

10^/10

fatalrat gh0strat discovery infostealer rat upx

Malware Config

Targets

- Target
  
  TestAV-bypass.exe
- Size
  
  154KB
- MD5
  
  e98e435fc0f27599b8551e898f3a5362
- SHA1
  
  6e9c45a511a06fddf48f82deb5c91b827bc167e0
- SHA256
  
  43e93d34858262178e0527ca75523f838f4d9f28d146fdbf4581161a88ce0ab1
- SHA512
  
  4b147b4bf925cb9c7b07a8a3db7a5ea0440cf9b52286a038ee31b3df4a0e9716b321be928a84359845c74c150544c9cc83914a4c57699dbec81914e65919ad74
- SSDEEP
  
  3072:h90aNRsKMFIZFSsfxX3/Fi8ruSEfxX3/Fi8ruSSr/:hSs5fFXNE5fFXNO
Score

1^/10
behavioral1 behavioral2
- Target
  
  Zabbix.exe
- Size
  
  25.8MB
- MD5
  
  a094c25ee2064f704001c30bfb376aa1
- SHA1
  
  31526150e914d16f199c965ab984619b5896950b
- SHA256
  
  f65002c8f6997c3b040f7074fc9031bc468ed85ff49977f6ce99189b35b8d292
- SHA512
  
  728b548a376442c52fdb440358d9a59ec8f24559b9792591f1c88fe6a8b9bb27394a87ab283fa6e2ac136c44403480e3376bc0eadd585fce8817d06a65c41b79
- SSDEEP
  
  98304:RuGuDkK9XzJ23f5oHhA755w8tQ7j+EpwMFsKJRlSXA6QXIXH81K4n6IoxD714fhx:Zkmvjw8y7j7iMFsKYXVfMejO
Score

1^/10
behavioral3 behavioral4
- Target
  
  名单助手PDF.exe
- Size
  
  6.1MB
- MD5
  
  f24efc53f425d85f86e7d4e2000dbc2a
- SHA1
  
  3d29c3ea01714fe3f757c104f44281e2335d278b
- SHA256
  
  d2caeb6d90e3240fd087e2180e28219651dc9f6c5ee7c2f18bd59e5b98dcfd6f
- SHA512
  
  ad88e648c3124fc379784887e7d6cbb3576eb9bae9cc8400c9d1ed7b093c1c8c691bd98f9a43f8a6a8cd33db403888f4106fef70697b90a8670227fd334a1813
- SSDEEP
  
  98304:4YYX5YQmdT8PRv0J0hx09BSpKki9jBGrisYdMLU9V09DsL2qEKqjb:niby94pFKjBGr97eL
Score

10^/10

fatalrat discovery infostealer rat gh0strat upx
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  对《立式加工中心项目》竞标公平性的质疑和恶意竞标现象的举报材料.exe
- Size
  
  3.4MB
- MD5
  
  69f32c80a58e54844df50dd5be15cac3
- SHA1
  
  ef26a9fafae86008968a0465216e479b54921ead
- SHA256
  
  6e201e86f95339b2a8d5d1bb21b62bcebdf7be3a3df7f0a0e8e3717935af7c7b
- SHA512
  
  f24a1041105106df55da1fa2c02f8f8e6f8832cbc2be81e9b4287fae8d8caf655e20f30d0d91ec4b10cd63afc0e2193e7d15502defba3e7ab36ab3addc85e1e9
- SSDEEP
  
  49152:pjezb6Jxvq56GvcW5klJB37aLWmV86Uv+616Nkf3EjUNXKy:pj+8G/8B3mIv+6iG3uaXL
Score

1^/10
behavioral7 behavioral8
- Target
  
  报错截图2024444.exe
- Size
  
  40.7MB
- MD5
  
  efbae92b752faeb84c90269d498b95fb
- SHA1
  
  579beddd80aca268cda9b00798a0a0ee5a7e31d6
- SHA256
  
  90d1f1a28ce81620c68153b9acf2413e7757d03689e3e1ba8e71506a499c4a0f
- SHA512
  
  e778a11667a1764c39ec0b06023cd5ba0b9d78a0db606cdc7e5f72c5e23a6522032f51f1d15fe31043b7e1850b6a29ab8e2e841d4d415de11b6436ac5d9e5deb
- SSDEEP
  
  196608:mWHMLp3ysnKgSO/Eobf+g8hTWATcvKeNwYrsBKzhFh43C:mWHMLpi8fbf+NhT52lgU
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

fatalratdiscoveryinfostealerrat

behavioral6

fatalratgh0stratdiscoveryinfostealerratupx

behavioral7

behavioral8

behavioral9

behavioral10