fatalrat | 7d349a4f542399574898181f06575029c57ef18f1efbd91d5cc667d6cf9f4558 | Triage

Submit
Reports

Overview

overview

Static

static

3

名单助手F.exe

windows7-x64

名单助手F.exe

windows10-2004-x64

说明.pdf

windows7-x64

3

说明.pdf

windows10-2004-x64

3

Sharing

General

Target

7d349a4f542399574898181f06575029c57ef18f1efbd91d5cc667d6cf9f4558
Size

4.1MB
Sample

241106-mefdbaygkl
MD5

0b1d437a39c421428961cf85e69ef990
SHA1

88180f03270399a83c9cd1e3a4d8b988b0f8356f
SHA256

7d349a4f542399574898181f06575029c57ef18f1efbd91d5cc667d6cf9f4558
SHA512

5a3f1e98d43a3f9287bcafec0573b7aab6aff93b062ba242de132bd8d40cda74305d29aa74f8b840ff93c491a79fb2ac2f3ba846ed9421187885478f4648659c
SSDEEP

98304:0NIXmIT2ytgKkrKH9KfolCzzM3+F9m5uKHTeNQNp/:0tG2ytgKkrZbI+FI5uKHTeWr/

Score

10^/10

fatalrat discovery infostealer rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

名单助手F.exe

Resource

win7-20241010-en

fatalrat discovery infostealer rat upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

名单助手F.exe

Resource

win10v2004-20241007-en

fatalrat discovery infostealer rat upx

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral3

Sample

说明.pdf

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

说明.pdf

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  名单助手F.exe
- Size
  
  6.1MB
- MD5
  
  204680a71afc51faa1408ffa2430c3f4
- SHA1
  
  1ae73b74dd260cc0568ce9d07daddf904102beff
- SHA256
  
  1bf9bdfaff5d065a120f44725ff2dbf8b20d731660168d02dbf89a4f9ee6d336
- SHA512
  
  fb1cbd9db14b71722f40956f6ca1128082eac3726241ce15cd313e9391876ed71bd0c15a22a26158331c9bcb105b54fcbace55d4aa3791f72133f98ceebc6688
- SSDEEP
  
  98304:1YYX5YQmdT8PRv0J0hx09BSpKki9jBGrisYdMLU9V09DsL2qEKqjb:eiby94pFKjBGr97eL
Score

10^/10

fatalrat discovery infostealer rat upx
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatalrat family
  fatalrat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  说明.pdf
- Size
  
  122KB
- MD5
  
  9e99ee5680201031ab6770955eccfd3e
- SHA1
  
  bf4c62c62e7282fab99bb88f93530a9944cdddc1
- SHA256
  
  1d223a0ffb1706a03ba0566303211c682905e420a3be5acc07f8f10e150aeec2
- SHA512
  
  e6988353479dbc8b1cf64371d9b41a477e2516cfb21712ee8ba684e85a217c02cc6fab2a350ac1cb26105d1ae4ad57e4a99d8e768832400ba2563c7ba28095c4
- SSDEEP
  
  3072:3sR/hHvp+YfEyC/uyymZUD8f7ocvPIH/j:3QrRyUwmHb
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratdiscoveryinfostealerratupx

behavioral2

fatalratdiscoveryinfostealerratupx

behavioral3

behavioral4

© 2018-2024

Terms | Privacy