General

  • Target

    3c2a21763cafe33f7c8339403434ba7478d9b1b8b7ca324d1fdc1c2eecd5abb5.exe.vir

  • Size

    69.8MB

  • Sample

    241126-fg9avavphx

  • MD5

    327884b448705fdf0c44adb302f4e265

  • SHA1

    44d8155588ef21f57757d1e0f1292f27832b684a

  • SHA256

    3c2a21763cafe33f7c8339403434ba7478d9b1b8b7ca324d1fdc1c2eecd5abb5

  • SHA512

    5566388610f6c62294a22e474226ff9264ae48e26c5564e78fc22879ef79331774a455e6988131b46821021a4b899bbcbc5a651ae5428d8045567714b49c570c

  • SSDEEP

    1572864:95yaqg3nPbpuwNJ5GKzUqoyEwNOu25BY9eTs/aliLcde5OVV08:9BxuwJLEwN0g9eTs/aliQduOY8

Targets

    • FatalRat

      FatalRat is a modular infostealer family written in C++ that first appeared in June 2021.

    • Fatalrat family

    • Fatal Rat payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX or modified UPX open-source packer.
