Overview

overview

10

Static

static

3

be780bcdb9...cs.exe

windows7-x64

10

be780bcdb9...cs.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    be780bcdb9a3cd5a8b4b9840433ac9f0_NeikiAnalytics

  • Size

    1.0MB

  • Sample

    240513-t4cr2sea9s

  • MD5

    be780bcdb9a3cd5a8b4b9840433ac9f0

  • SHA1

    b54ad3e4a69a878bbecd9e4be24077126d11b6e8

  • SHA256

    a81a2cef02dd0eb36b589345429bbd67c51933246d6d0a1e6a5b676ea5bef804

  • SHA512

    6e2e7394e7c390f842cc3383bb1a62ff0d18a3094e5e9e6afd0e02ecaf61e17fb008cba560766e6fb1e3e37ecdf186c08afad516dbb37fe9b9432da7fe476854

  • SSDEEP

    24576:VEeG1Gv/aSmn77FP/Dpn/JTM/3iVIwSa/l:VEvGnaS8vFnDLk3EIwS

Score
10/10
blackmoonfatalratbankerinfostealerpersistencerattrojan

Malware Config

Targets

    • Target

      be780bcdb9a3cd5a8b4b9840433ac9f0_NeikiAnalytics

    • Size

      1.0MB

    • MD5

      be780bcdb9a3cd5a8b4b9840433ac9f0

    • SHA1

      b54ad3e4a69a878bbecd9e4be24077126d11b6e8

    • SHA256

      a81a2cef02dd0eb36b589345429bbd67c51933246d6d0a1e6a5b676ea5bef804

    • SHA512

      6e2e7394e7c390f842cc3383bb1a62ff0d18a3094e5e9e6afd0e02ecaf61e17fb008cba560766e6fb1e3e37ecdf186c08afad516dbb37fe9b9432da7fe476854

    • SSDEEP

      24576:VEeG1Gv/aSmn77FP/Dpn/JTM/3iVIwSa/l:VEvGnaS8vFnDLk3EIwS

    Score
    10/10
    blackmoonfatalratbankerinfostealerpersistencerattrojan

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • FatalRat

      FatalRat is a modular infostealer family written in C++ first appearing in June 2021.

      infostealerratfatalrat

    • Fatal Rat payload

      ratinfostealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks