7900f7e9e009679cb581de76d7535e55ec92ac7aca7074dbdb24c6e28baf7b0e | Triage

Submit
Reports

Overview

overview

7

Static

static

Mercurial.exe

windows7_x64

7

Mercurial.exe

windows10_x64

7

Sharing

General

Target

Mercurial.exe
Size

7.9MB
Sample

210926-z3m5aafdb8
MD5

8cad58c674edbe5bafe3a7f3b690e450
SHA1

ba629864335ffef2a62808384087deb45342b755
SHA256

7900f7e9e009679cb581de76d7535e55ec92ac7aca7074dbdb24c6e28baf7b0e
SHA512

e0a5936c75920cd35e2ee96d7810c932a77a5cdc7752e75af660069ba88016cbb75dcd17fe944e86ecdd6083e1066dab4abb4ebd36bb019d81982cc39653a125

Score

7^/10

spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Mercurial.exe

Resource

win7-en-20210920

spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Mercurial.exe

Resource

win10v20210408

spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Mercurial.exe
- Size
  
  7.9MB
- MD5
  
  8cad58c674edbe5bafe3a7f3b690e450
- SHA1
  
  ba629864335ffef2a62808384087deb45342b755
- SHA256
  
  7900f7e9e009679cb581de76d7535e55ec92ac7aca7074dbdb24c6e28baf7b0e
- SHA512
  
  e0a5936c75920cd35e2ee96d7810c932a77a5cdc7752e75af660069ba88016cbb75dcd17fe944e86ecdd6083e1066dab4abb4ebd36bb019d81982cc39653a125
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy