fatalrat | 250307-n6fzlaxpaa_pw_infected[.]zip | Triage

Sharing

General

Target

250307-n6fzlaxpaa_pw_infected.zip
Size

102KB
MD5

e42eac7aa516a81464d146ac91c784df
SHA1

03a090c2dde231e6045d1998e240adb85dc3222f
SHA256

e37033d4bd2f01766e16851559d2fd5c1e5e22a58ec77f077dd238ef38a276fd
SHA512

ddb0a48396bf6285dad6490fbdae857600fd9072bf2b4818a8f99475d4f5c86803049f81ccc1b53d93b6f0f9953a33325649d4f42779237bbb001f7cd1bb8e54
SSDEEP

3072:dKNqpbk+rb1O1rTeKxMJ05EUrHkx00RByiaCv:dKoZko1OBTFOMHka0RoM

Score

10^/10

rat infostealer fatalrat

Malware Config

Signatures

Fatal Rat payload 1 IoCs

rat infostealer

resource	yara_rule
static1/unpack001/f2a386775e57d68fd5a86b3dae43bac8c064a6957d2de9a8f27fd655045538d5	fatalrat

Fatalrat family
fatalrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f2a386775e57d68fd5a86b3dae43bac8c064a6957d2de9a8f27fd655045538d5

Files

250307-n6fzlaxpaa_pw_infected.zip
.zip

Password: infected
f2a386775e57d68fd5a86b3dae43bac8c064a6957d2de9a8f27fd655045538d5
.dll windows:4 windows x86 arch:x86

Password: infected

9f117e78d123287b1138b361d515b56e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
ExitProcess
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetLastError
SetFilePointer
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
RtlUnwind
CloseHandle

Exports

Exports

Fuck

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ