blackmoon | 6623454c4252fe34a55aeb3f926883ff486afa3adc21280fcd1d16b6ec9d2dd9 | Triage

Submit
Reports

Overview

overview

Static

static

7

6623454c42...d9.exe

windows7-x64

6623454c42...d9.exe

windows10-2004-x64

Sharing

General

Target

6623454c4252fe34a55aeb3f926883ff486afa3adc21280fcd1d16b6ec9d2dd9
Size

91KB
Sample

241001-vdwb5stfpe
MD5

08beb843aa68071e2b0ae66d564c5165
SHA1

a3add5f7016804a5f5fb3c03d66d8ddf6b7e439a
SHA256

6623454c4252fe34a55aeb3f926883ff486afa3adc21280fcd1d16b6ec9d2dd9
SHA512

fea5cd5c1f36883bfc878a2645d36640d8f8466c721287df344994b73cc9f6f8d3357bb8b8f3cc01b5795a40c52d1ae3a3e5391cded5bbb86463b84beb0eb23e
SSDEEP

1536:k3zn5sPvaFaJ1GdZ52kgq0YqeFnKHy3CP4i8kdmBmFG1yKwFchxL+Wj5HnQ:kjn50L1GdDJFnqIQ4iIq6yKwS3O

Score

10^/10

blackmoon fatalrat aspackv2 banker discovery infostealer rat trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6623454c4252fe34a55aeb3f926883ff486afa3adc21280fcd1d16b6ec9d2dd9.exe

Resource

win7-20240903-en

blackmoon banker discovery trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

6623454c4252fe34a55aeb3f926883ff486afa3adc21280fcd1d16b6ec9d2dd9.exe

Resource

win10v2004-20240802-en

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  6623454c4252fe34a55aeb3f926883ff486afa3adc21280fcd1d16b6ec9d2dd9
- Size
  
  91KB
- MD5
  
  08beb843aa68071e2b0ae66d564c5165
- SHA1
  
  a3add5f7016804a5f5fb3c03d66d8ddf6b7e439a
- SHA256
  
  6623454c4252fe34a55aeb3f926883ff486afa3adc21280fcd1d16b6ec9d2dd9
- SHA512
  
  fea5cd5c1f36883bfc878a2645d36640d8f8466c721287df344994b73cc9f6f8d3357bb8b8f3cc01b5795a40c52d1ae3a3e5391cded5bbb86463b84beb0eb23e
- SSDEEP
  
  1536:k3zn5sPvaFaJ1GdZ52kgq0YqeFnKHy3CP4i8kdmBmFG1yKwFchxL+Wj5HnQ:kjn50L1GdDJFnqIQ4iIq6yKwS3O
Score

10^/10

blackmoon banker discovery trojan fatalrat infostealer rat vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonbankerdiscoverytrojan

behavioral2

blackmoonfatalratbankerdiscoveryinfostealerrattrojanvmprotect

© 2018-2024

Terms | Privacy