General
-
Target
3c2a21763cafe33f7c8339403434ba7478d9b1b8b7ca324d1fdc1c2eecd5abb5.exe.vir
-
Size
69.8MB
-
Sample
241126-fg9avavphx
-
MD5
327884b448705fdf0c44adb302f4e265
-
SHA1
44d8155588ef21f57757d1e0f1292f27832b684a
-
SHA256
3c2a21763cafe33f7c8339403434ba7478d9b1b8b7ca324d1fdc1c2eecd5abb5
-
SHA512
5566388610f6c62294a22e474226ff9264ae48e26c5564e78fc22879ef79331774a455e6988131b46821021a4b899bbcbc5a651ae5428d8045567714b49c570c
-
SSDEEP
1572864:95yaqg3nPbpuwNJ5GKzUqoyEwNOu25BY9eTs/aliLcde5OVV08:9BxuwJLEwN0g9eTs/aliQduOY8
Behavioral task
behavioral1
Sample
3c2a21763cafe33f7c8339403434ba7478d9b1b8b7ca324d1fdc1c2eecd5abb5.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
3c2a21763cafe33f7c8339403434ba7478d9b1b8b7ca324d1fdc1c2eecd5abb5.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
3c2a21763cafe33f7c8339403434ba7478d9b1b8b7ca324d1fdc1c2eecd5abb5.exe.vir
-
Size
69.8MB
-
MD5
327884b448705fdf0c44adb302f4e265
-
SHA1
44d8155588ef21f57757d1e0f1292f27832b684a
-
SHA256
3c2a21763cafe33f7c8339403434ba7478d9b1b8b7ca324d1fdc1c2eecd5abb5
-
SHA512
5566388610f6c62294a22e474226ff9264ae48e26c5564e78fc22879ef79331774a455e6988131b46821021a4b899bbcbc5a651ae5428d8045567714b49c570c
-
SSDEEP
1572864:95yaqg3nPbpuwNJ5GKzUqoyEwNOu25BY9eTs/aliLcde5OVV08:9BxuwJLEwN0g9eTs/aliQduOY8
-
FatalRat
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
-
Fatalrat family
-
Fatal Rat payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-