blackmoon | db5ebaf833f42ac680d858bd2873e07f0cebf1016627ff3687e3521c66ed8c5b | Triage

Submit
Reports

Overview

overview

Static

static

7

db5ebaf833...5b.exe

windows7-x64

db5ebaf833...5b.exe

windows10-2004-x64

Sharing

General

Target

db5ebaf833f42ac680d858bd2873e07f0cebf1016627ff3687e3521c66ed8c5b
Size

106KB
Sample

241018-qkva7syelc
MD5

6a0f90d47cb818fbf65215becaebfc56
SHA1

3bed9eb472e8915c99f285b4f39088c9bfdac283
SHA256

db5ebaf833f42ac680d858bd2873e07f0cebf1016627ff3687e3521c66ed8c5b
SHA512

c841c23b7c863c6eeb2b168453b0b097b264c699d3afb6208af1aa997fa194fc9784c12c40de83c8fed4bf409ed787e0c881bd35b0b565934a6950ca32f33e50
SSDEEP

3072:DqgtB3f8Jf34KEhnsEi+xI9l6XutP1rDqRoJ3:DqvJfIGh+xI9lAu9ZD9

Score

10^/10

blackmoon fatalrat aspackv2 banker discovery infostealer rat trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

db5ebaf833f42ac680d858bd2873e07f0cebf1016627ff3687e3521c66ed8c5b.exe

Resource

win7-20240903-en

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

db5ebaf833f42ac680d858bd2873e07f0cebf1016627ff3687e3521c66ed8c5b.exe

Resource

win10v2004-20241007-en

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  db5ebaf833f42ac680d858bd2873e07f0cebf1016627ff3687e3521c66ed8c5b
- Size
  
  106KB
- MD5
  
  6a0f90d47cb818fbf65215becaebfc56
- SHA1
  
  3bed9eb472e8915c99f285b4f39088c9bfdac283
- SHA256
  
  db5ebaf833f42ac680d858bd2873e07f0cebf1016627ff3687e3521c66ed8c5b
- SHA512
  
  c841c23b7c863c6eeb2b168453b0b097b264c699d3afb6208af1aa997fa194fc9784c12c40de83c8fed4bf409ed787e0c881bd35b0b565934a6950ca32f33e50
- SSDEEP
  
  3072:DqgtB3f8Jf34KEhnsEi+xI9l6XutP1rDqRoJ3:DqvJfIGh+xI9lAu9ZD9
Score

10^/10

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonfatalratbankerdiscoveryinfostealerrattrojanvmprotect

behavioral2

blackmoonfatalratbankerdiscoveryinfostealerrattrojanvmprotect

© 2018-2024

Terms | Privacy