blackmoon | b42583ea1a538988331439c7903703f28686d97dbd900183be5c9f26022a9345 | Triage

Submit
Reports

Overview

overview

Static

static

b42583ea1a...45.exe

windows7-x64

b42583ea1a...45.exe

windows10-2004-x64

Sharing

General

Target

b42583ea1a538988331439c7903703f28686d97dbd900183be5c9f26022a9345
Size

256KB
Sample

241006-ypxacsxcjd
MD5

18489c055c3d8b29bee30f44b77d44fc
SHA1

0d886928d23fe93ed6f48f5f1b109002b8ad02f2
SHA256

b42583ea1a538988331439c7903703f28686d97dbd900183be5c9f26022a9345
SHA512

af6fce5af569a7faf288a4d45dd263bf84f6af6e4fed9406ba65c2433ad1892bcd95ce8dda0914a3c7876a9e669bf0e29fb5ef634110267f7bdcffc7616f3601
SSDEEP

3072:+5E4z97xNhc39hhQYyc1aUTBXO4H6/XmBTRvDPkDUKDRuASo8JE8ctoG7oyoPnIa:+Kit34avmZRvDcka87G7XoPnIoR

Score

10^/10

blackmoon fatalrat discovery infostealer rat vmprotect

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b42583ea1a538988331439c7903703f28686d97dbd900183be5c9f26022a9345.exe

Resource

win7-20240903-en

fatalrat discovery infostealer rat vmprotect

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

b42583ea1a538988331439c7903703f28686d97dbd900183be5c9f26022a9345.exe

Resource

win10v2004-20240802-en

fatalrat discovery infostealer rat vmprotect

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  b42583ea1a538988331439c7903703f28686d97dbd900183be5c9f26022a9345
- Size
  
  256KB
- MD5
  
  18489c055c3d8b29bee30f44b77d44fc
- SHA1
  
  0d886928d23fe93ed6f48f5f1b109002b8ad02f2
- SHA256
  
  b42583ea1a538988331439c7903703f28686d97dbd900183be5c9f26022a9345
- SHA512
  
  af6fce5af569a7faf288a4d45dd263bf84f6af6e4fed9406ba65c2433ad1892bcd95ce8dda0914a3c7876a9e669bf0e29fb5ef634110267f7bdcffc7616f3601
- SSDEEP
  
  3072:+5E4z97xNhc39hhQYyc1aUTBXO4H6/XmBTRvDPkDUKDRuASo8JE8ctoG7oyoPnIa:+Kit34avmZRvDcka87G7XoPnIoR
Score

10^/10

fatalrat discovery infostealer rat vmprotect
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratdiscoveryinfostealerratvmprotect

behavioral2

fatalratdiscoveryinfostealerratvmprotect

© 2018-2024

Terms | Privacy