blackmoon | 25ffa0ad874dd0fb430ab1795536fa9b4fe496ed946267b9c0f4ffc05fecdd03 | Triage

Submit
Reports

Overview

overview

Static

static

7

25ffa0ad87...03.exe

windows7-x64

25ffa0ad87...03.exe

windows10-2004-x64

Sharing

General

Target

25ffa0ad874dd0fb430ab1795536fa9b4fe496ed946267b9c0f4ffc05fecdd03
Size

106KB
Sample

241017-d9775stgql
MD5

d2fbf57f9aa3f02730349d878dbf99ec
SHA1

f8466012da06c484a31ac8e3328bfd4a82c1b465
SHA256

25ffa0ad874dd0fb430ab1795536fa9b4fe496ed946267b9c0f4ffc05fecdd03
SHA512

fe85936cca6ecbe4c63ef80c56a347e43ee1ff8c6561682254e4db3172123efb6470427a693cf39e00b3b49a7b8572a7517624fdd73b3737b57138f34640ba5b
SSDEEP

1536:gNmIqV+Ke7K3lCEM/BptDapSn9ARyEUJfPDg+rfRUZLbryucAE0fEpbWCE0UWOO+:+qgCBMvtDapSOuD5fQLbrykEVRoJ3

Score

10^/10

blackmoon fatalrat aspackv2 banker discovery infostealer rat trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

25ffa0ad874dd0fb430ab1795536fa9b4fe496ed946267b9c0f4ffc05fecdd03.exe

Resource

win7-20240903-en

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

25ffa0ad874dd0fb430ab1795536fa9b4fe496ed946267b9c0f4ffc05fecdd03.exe

Resource

win10v2004-20241007-en

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  25ffa0ad874dd0fb430ab1795536fa9b4fe496ed946267b9c0f4ffc05fecdd03
- Size
  
  106KB
- MD5
  
  d2fbf57f9aa3f02730349d878dbf99ec
- SHA1
  
  f8466012da06c484a31ac8e3328bfd4a82c1b465
- SHA256
  
  25ffa0ad874dd0fb430ab1795536fa9b4fe496ed946267b9c0f4ffc05fecdd03
- SHA512
  
  fe85936cca6ecbe4c63ef80c56a347e43ee1ff8c6561682254e4db3172123efb6470427a693cf39e00b3b49a7b8572a7517624fdd73b3737b57138f34640ba5b
- SSDEEP
  
  1536:gNmIqV+Ke7K3lCEM/BptDapSn9ARyEUJfPDg+rfRUZLbryucAE0fEpbWCE0UWOO+:+qgCBMvtDapSOuD5fQLbrykEVRoJ3
Score

10^/10

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonfatalratbankerdiscoveryinfostealerrattrojanvmprotect

behavioral2

blackmoonfatalratbankerdiscoveryinfostealerrattrojanvmprotect

© 2018-2025

Terms | Privacy