General

  • Target

    d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13

  • Size

    41KB

  • Sample

    220211-3rycnafcbk

  • MD5

    71b818d8192d62a082a0dabb7962e76a

  • SHA1

    ccb9744d66df57605dfe6c23bf73164da7ae9abb

  • SHA256

    d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13

  • SHA512

    86b64f98a407af3837021486a1e4cc310622c34d764e471c15547252a31598d007d34f2ba71ddc3d3cc5d7ba802d76754611cf681ae427ec45face49bfea52e0

Targets

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
