blackmoon | 6623454c4252fe34a55aeb3f926883ff486afa3adc21280fcd1d16b6ec9d2dd9 | Triage

Submit
Reports

Overview

overview

Static

static

7

exe (2).exe

windows7-x64

exe (2).exe

windows10-2004-x64

Sharing

General

Target

exe (2).exe.v
Size

91KB
Sample

241003-hdjxwszbpj
MD5

08beb843aa68071e2b0ae66d564c5165
SHA1

a3add5f7016804a5f5fb3c03d66d8ddf6b7e439a
SHA256

6623454c4252fe34a55aeb3f926883ff486afa3adc21280fcd1d16b6ec9d2dd9
SHA512

fea5cd5c1f36883bfc878a2645d36640d8f8466c721287df344994b73cc9f6f8d3357bb8b8f3cc01b5795a40c52d1ae3a3e5391cded5bbb86463b84beb0eb23e
SSDEEP

1536:k3zn5sPvaFaJ1GdZ52kgq0YqeFnKHy3CP4i8kdmBmFG1yKwFchxL+Wj5HnQ:kjn50L1GdDJFnqIQ4iIq6yKwS3O

Score

10^/10

blackmoon fatalrat aspackv2 banker discovery infostealer rat trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

exe (2).exe

Resource

win7-20240704-en

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

exe (2).exe

Resource

win10v2004-20240802-en

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  exe (2).exe.v
- Size
  
  91KB
- MD5
  
  08beb843aa68071e2b0ae66d564c5165
- SHA1
  
  a3add5f7016804a5f5fb3c03d66d8ddf6b7e439a
- SHA256
  
  6623454c4252fe34a55aeb3f926883ff486afa3adc21280fcd1d16b6ec9d2dd9
- SHA512
  
  fea5cd5c1f36883bfc878a2645d36640d8f8466c721287df344994b73cc9f6f8d3357bb8b8f3cc01b5795a40c52d1ae3a3e5391cded5bbb86463b84beb0eb23e
- SSDEEP
  
  1536:k3zn5sPvaFaJ1GdZ52kgq0YqeFnKHy3CP4i8kdmBmFG1yKwFchxL+Wj5HnQ:kjn50L1GdDJFnqIQ4iIq6yKwS3O
Score

10^/10

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonfatalratbankerdiscoveryinfostealerrattrojanvmprotect

behavioral2

blackmoonfatalratbankerdiscoveryinfostealerrattrojanvmprotect

© 2018-2024

Terms | Privacy