Behavioral task
behavioral1
Sample
2516-2-0x0000000010000000-0x000000001002D000-memory.dll
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2516-2-0x0000000010000000-0x000000001002D000-memory.dll
Resource
win10v2004-20250217-en
General
Target: 2516-2-0x0000000010000000-0x000000001002D000-memory.dmp
Size: 180KB
MD5: d5cffe9bdd8a128f41d9275d145f9bc1
SHA1: e00fbc1cd07e065e5b60d3462bf025bf9914ca9c
SHA256: b91252e20b2f5631f221ed6049bd3c1f788f41b426f731c50199f4aea2048af2
SHA512: ee3f045b025f06b09bae3ef52c1e453fb094553479c4ca3b012195957a7f18d20662a08ba86d1000f904f83dbcc34aa11bf0928771b96a93a3aea3d7da83412a
SSDEEP: 3072:Pmu50sK9wH9ze5n5E8cj3WVvbHN3FBbALmp+tTBflJwhpnwpfrQ5:Pmu50s4wH9y5n5EFWVvbN3FBM1tTBvwv
Malware Config
Signatures
Fatal Rat payload (1 IoCs)
resource: sample, yara_rule: fatalrat
Fatalrat family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2516-2-0x0000000010000000-0x000000001002D000-memory.dmp
Files
2516-2-0x0000000010000000-0x000000001002D000-memory.dmp.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 111KB - Virtual size: 256.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 29KB - Virtual size: 256.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 256.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 7KB - Virtual size: 256.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ