blackmoon | 33cf43751b8ccc1776b7fc0c3f8a96cf7924d9b020ce7d5ac4d62cabc14637c2 | Triage

Submit
Reports

Overview

overview

Static

static

7

33cf43751b...c2.exe

windows7-x64

33cf43751b...c2.exe

windows10-2004-x64

Sharing

General

Target

33cf43751b8ccc1776b7fc0c3f8a96cf7924d9b020ce7d5ac4d62cabc14637c2
Size

107KB
Sample

241211-dnn75sxrdk
MD5

4eb4cf8d874a83cd3b36972c7419d817
SHA1

719f9d537a32280c0203b80f54ce0c5083343226
SHA256

33cf43751b8ccc1776b7fc0c3f8a96cf7924d9b020ce7d5ac4d62cabc14637c2
SHA512

4e0704ee6fe9700efde7728d56b6727b5ff599555c795233a0d8cbcc546dceb4223b25b7f4c558386995fc2a55e17dcfe43bd7b34a622f98c77e1fdd208908a2
SSDEEP

1536:qnTCqOpUwDWHpuFFedUSERPfZnmQJYR3iVeO64MDYewM6CbEjZV5MRigHR3S20Z8:0wUw88FeMVmgYR3VO64MEew9rHml3Y

Score

10^/10

blackmoon fatalrat aspackv2 banker discovery infostealer rat trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

33cf43751b8ccc1776b7fc0c3f8a96cf7924d9b020ce7d5ac4d62cabc14637c2.exe

Resource

win7-20240903-en

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

33cf43751b8ccc1776b7fc0c3f8a96cf7924d9b020ce7d5ac4d62cabc14637c2.exe

Resource

win10v2004-20241007-en

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  33cf43751b8ccc1776b7fc0c3f8a96cf7924d9b020ce7d5ac4d62cabc14637c2
- Size
  
  107KB
- MD5
  
  4eb4cf8d874a83cd3b36972c7419d817
- SHA1
  
  719f9d537a32280c0203b80f54ce0c5083343226
- SHA256
  
  33cf43751b8ccc1776b7fc0c3f8a96cf7924d9b020ce7d5ac4d62cabc14637c2
- SHA512
  
  4e0704ee6fe9700efde7728d56b6727b5ff599555c795233a0d8cbcc546dceb4223b25b7f4c558386995fc2a55e17dcfe43bd7b34a622f98c77e1fdd208908a2
- SSDEEP
  
  1536:qnTCqOpUwDWHpuFFedUSERPfZnmQJYR3iVeO64MDYewM6CbEjZV5MRigHR3S20Z8:0wUw88FeMVmgYR3VO64MEew9rHml3Y
Score

10^/10

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatalrat family
  fatalrat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonfatalratbankerdiscoveryinfostealerrattrojanvmprotect

behavioral2

blackmoonfatalratbankerdiscoveryinfostealerrattrojanvmprotect

© 2018-2024

Terms | Privacy