blankgrabber | b2626227ff600eed409e4fe32e7abaa96770c7adab72dccd5ec3dee0da0ecfe9

Sharing

General

Target

Mountain.exe
Size

8.2MB
Sample

240808-1b7kaatfkg
MD5

1dd5fbdd730bb9846d82c3eb08041a45
SHA1

52f9af7bfe8d4e012272c4e65c7f51874f19c60e
SHA256

b2626227ff600eed409e4fe32e7abaa96770c7adab72dccd5ec3dee0da0ecfe9
SHA512

d61c46f39c224c3faa726083648190de6d20a8cb50e1cb0f7a6699bbf2ef5149808c1105b73c0cfd1b10e30c745a09b3018661ef226e02a1bce367f92a83eac8
SSDEEP

196608:kr48PmdNLjv+bhqNVoB0SEsucQZ41JBzp0IM11tp:T8P21L+9qz80SJHQK1Jlpe1vp

Score

10^/10

Malware Config

Targets

- Target
  
  Mountain.exe
- Size
  
  8.2MB
- MD5
  
  1dd5fbdd730bb9846d82c3eb08041a45
- SHA1
  
  52f9af7bfe8d4e012272c4e65c7f51874f19c60e
- SHA256
  
  b2626227ff600eed409e4fe32e7abaa96770c7adab72dccd5ec3dee0da0ecfe9
- SHA512
  
  d61c46f39c224c3faa726083648190de6d20a8cb50e1cb0f7a6699bbf2ef5149808c1105b73c0cfd1b10e30c745a09b3018661ef226e02a1bce367f92a83eac8
- SSDEEP
  
  196608:kr48PmdNLjv+bhqNVoB0SEsucQZ41JBzp0IM11tp:T8P21L+9qz80SJHQK1Jlpe1vp
Score

10^/10

collection credential_access defense_evasion discovery evasion execution persistence privilege_escalation spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral10 behavioral11 behavioral12 behavioral13 behavioral14 behavioral15 behavioral16 behavioral17 behavioral18 behavioral19 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7 behavioral8 behavioral9