blackmoon | 37f0ee019fbe0517cfb0de1b592d660ecbf2537bf6e2bd59fe67f7e276700b77 | Triage

Submit
Reports

Overview

overview

Static

static

7

37f0ee019f...77.exe

windows7-x64

37f0ee019f...77.exe

windows10-2004-x64

Sharing

General

Target

37f0ee019fbe0517cfb0de1b592d660ecbf2537bf6e2bd59fe67f7e276700b77
Size

106KB
Sample

241017-ekl42svcqm
MD5

10735be79033ec2644e55001b5eda019
SHA1

a5e412fb6f2f2e06025a8a5d6b6161c3b6835d19
SHA256

37f0ee019fbe0517cfb0de1b592d660ecbf2537bf6e2bd59fe67f7e276700b77
SHA512

8052fd744c8fdbe58b6591ad9d60bdf24017136dbe35b0440314446b77021494825bfe9be3962ff0832d66779f2f69902f10e823ff6be25bc52c6be6726a799a
SSDEEP

1536:GNmIqV+fI1663A6HPcrmbW1nLSW9hHiUouawWSCzARHRA7G1/qUjEpbWCE0UWOO+:wqgC64HPc+WoWHHiUHawJRx00+RoJ3

Score

10^/10

blackmoon fatalrat aspackv2 banker discovery infostealer rat trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

37f0ee019fbe0517cfb0de1b592d660ecbf2537bf6e2bd59fe67f7e276700b77.exe

Resource

win7-20240903-en

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

37f0ee019fbe0517cfb0de1b592d660ecbf2537bf6e2bd59fe67f7e276700b77.exe

Resource

win10v2004-20241007-en

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  37f0ee019fbe0517cfb0de1b592d660ecbf2537bf6e2bd59fe67f7e276700b77
- Size
  
  106KB
- MD5
  
  10735be79033ec2644e55001b5eda019
- SHA1
  
  a5e412fb6f2f2e06025a8a5d6b6161c3b6835d19
- SHA256
  
  37f0ee019fbe0517cfb0de1b592d660ecbf2537bf6e2bd59fe67f7e276700b77
- SHA512
  
  8052fd744c8fdbe58b6591ad9d60bdf24017136dbe35b0440314446b77021494825bfe9be3962ff0832d66779f2f69902f10e823ff6be25bc52c6be6726a799a
- SSDEEP
  
  1536:GNmIqV+fI1663A6HPcrmbW1nLSW9hHiUouawWSCzARHRA7G1/qUjEpbWCE0UWOO+:wqgC64HPc+WoWHHiUHawJRx00+RoJ3
Score

10^/10

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonfatalratbankerdiscoveryinfostealerrattrojanvmprotect

behavioral2

blackmoonfatalratbankerdiscoveryinfostealerrattrojanvmprotect

© 2018-2024

Terms | Privacy