General

  • Target

    f730660f20d767f006982c5ebb0461145bacd46a278754d713dbe51ca62793ab.exe.vir

  • Size

    18.0MB

  • Sample

    241116-qx8z5a1nhl

  • MD5

    ef344baa9dd4568c67430b298412a83a

  • SHA1

    abf64392658bdc45aff764f171de15dcc8705924

  • SHA256

    f730660f20d767f006982c5ebb0461145bacd46a278754d713dbe51ca62793ab

  • SHA512

    f5bd7060aa96b9afe12ed2e98104851c422f6a30ea0679b7254a340e7170d59b48930118ce4f27cfd1f0679790d3c6d2c3c2de4f2d741d707eef8ce965ceeaf6

  • SSDEEP

    393216:pIQZSINDOkEk7uQcUIYYBFrrV/eaxfo8ujuiuky0eP18KZahKdkGx:6+pDO4uQcUc1rxeaxfo5uishPmRpGx

Targets

    • FatalRat

      FatalRat is a modular infostealer family, written in C++, that first appeared in June 2021.

    • Fatalrat family

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Fatal Rat payload

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
