General

  • Target

    9d9961770ec49cd827541c17d730178cc22471848ff75b946b58225570ab39a0

  • Size

    1016KB

  • Sample

    240406-a341csfg5v

  • MD5

    77b6361879cd2095663baa717c5a33ed

  • SHA1

    af5ca68dacc2df0d1868b3a4ca83a1228a7014eb

  • SHA256

    9d9961770ec49cd827541c17d730178cc22471848ff75b946b58225570ab39a0

  • SHA512

    b951f065bb2b2d7bcf0337d1fb4cfc314c7cceecc184e9cc221a5abdf735662e555f62411523526eb5c203de46ebcf47415ec7cc4ef436a1f0201e7990eb71ba

  • SSDEEP

    24576:HEeG1Gv/aSmbdppcBz6z6rgdzDUsQWe0:HEvGnaScZ8fUNAsQW

Malware Config

Targets

    • Target

      9d9961770ec49cd827541c17d730178cc22471848ff75b946b58225570ab39a0

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • FatalRat

      FatalRat is a modular infostealer family written in C++ that first appeared in June 2021.

    • Detects executables calling ClearMyTracksByProcess

    • Fatal Rat payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks