blankgrabber | d7b380e7fced4519fce629d2cec6ef58a2aee2a7e7da65ef3aaa37e3c0b163fc | Triage

Submit
Reports

Overview

overview

Static

static

MoneyChatv1.exe

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

MoneyChatv1.exe
Size

7.4MB
Sample

240515-x2xwzsga98
MD5

368b9633a3ccbb209416a111402f8ad5
SHA1

d0d3956f1fa4f87d95698315ff77b13715ce44de
SHA256

d7b380e7fced4519fce629d2cec6ef58a2aee2a7e7da65ef3aaa37e3c0b163fc
SHA512

ff9700ed25fa4a7daaa8dfec3353d813f10f35537d650459b5aa539321b115ccd569497889fdbf11276bc6f75ba6648134b1f368719c367504e2a98cb0f553ac
SSDEEP

196608:rragD+sxfd82urErvI9pWjgU1DEzx7sKL/s1t5AkjUWlRH2WQ:XXxfdBurEUWjhEhn01tn92WQ

Score

10^/10

blankgrabber evasion execution spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

MoneyChatv1.exe

Resource

win10-20240404-en

evasion execution spyware stealer upx

windows10-1703-x64

18 signatures

300 seconds

Malware Config

Targets

- Target
  
  MoneyChatv1.exe
- Size
  
  7.4MB
- MD5
  
  368b9633a3ccbb209416a111402f8ad5
- SHA1
  
  d0d3956f1fa4f87d95698315ff77b13715ce44de
- SHA256
  
  d7b380e7fced4519fce629d2cec6ef58a2aee2a7e7da65ef3aaa37e3c0b163fc
- SHA512
  
  ff9700ed25fa4a7daaa8dfec3353d813f10f35537d650459b5aa539321b115ccd569497889fdbf11276bc6f75ba6648134b1f368719c367504e2a98cb0f553ac
- SSDEEP
  
  196608:rragD+sxfd82urErvI9pWjgU1DEzx7sKL/s1t5AkjUWlRH2WQ:XXxfdBurEUWjhEhn01tn92WQ
Score

10^/10

evasion execution spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecutionspywarestealerupx

© 2018-2025

Terms | Privacy