blackmoon | d36d96120d39714d34f6f2117bfc9d1ffa909fc39b343c7654e9267b692bbae0 | Triage

Submit
Reports

Overview

overview

Static

static

3

d36d96120d...e0.exe

windows7-x64

d36d96120d...e0.exe

windows10-2004-x64

Sharing

General

Target

d36d96120d39714d34f6f2117bfc9d1ffa909fc39b343c7654e9267b692bbae0
Size

107KB
Sample

241218-shzh9asrdx
MD5

e919228dc7dad297ff3b11ba33e6bf63
SHA1

ae82ec491c80521d8d74bc11d26d3dfe103e8c3f
SHA256

d36d96120d39714d34f6f2117bfc9d1ffa909fc39b343c7654e9267b692bbae0
SHA512

d712412c63a808ac6623d8988fac4a29f6fc87b1bd0ae784494654146847dc2a6fd6b57907f2f798c6de42698c1304e65b2fe836a294d74435c0732dbe89dcce
SSDEEP

1536:nnTCqOpUwDWHpuFFedUSERPfZnmQJYR3iVeO64MDYewM6CbEjZV5MRigHR3S20Z8:TwUw88FeMVmgYR3VO64MEew9rHml3Y

Score

10^/10

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d36d96120d39714d34f6f2117bfc9d1ffa909fc39b343c7654e9267b692bbae0.exe

Resource

win7-20240903-en

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

d36d96120d39714d34f6f2117bfc9d1ffa909fc39b343c7654e9267b692bbae0.exe

Resource

win10v2004-20241007-en

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  d36d96120d39714d34f6f2117bfc9d1ffa909fc39b343c7654e9267b692bbae0
- Size
  
  107KB
- MD5
  
  e919228dc7dad297ff3b11ba33e6bf63
- SHA1
  
  ae82ec491c80521d8d74bc11d26d3dfe103e8c3f
- SHA256
  
  d36d96120d39714d34f6f2117bfc9d1ffa909fc39b343c7654e9267b692bbae0
- SHA512
  
  d712412c63a808ac6623d8988fac4a29f6fc87b1bd0ae784494654146847dc2a6fd6b57907f2f798c6de42698c1304e65b2fe836a294d74435c0732dbe89dcce
- SSDEEP
  
  1536:nnTCqOpUwDWHpuFFedUSERPfZnmQJYR3iVeO64MDYewM6CbEjZV5MRigHR3S20Z8:TwUw88FeMVmgYR3VO64MEew9rHml3Y
Score

10^/10

blackmoon fatalrat banker discovery infostealer rat trojan vmprotect
- Blackmoon family
  blackmoon
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatalrat family
  fatalrat
- Fatal Rat payload
  rat infostealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonfatalratbankerdiscoveryinfostealerrattrojanvmprotect

behavioral2

blackmoonfatalratbankerdiscoveryinfostealerrattrojanvmprotect

© 2018-2024

Terms | Privacy