mercurialgrabber | d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13

General

Target

d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13.exe
Size

41KB
MD5

71b818d8192d62a082a0dabb7962e76a
SHA1

ccb9744d66df57605dfe6c23bf73164da7ae9abb
SHA256

d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13
SHA512

86b64f98a407af3837021486a1e4cc310622c34d764e471c15547252a31598d007d34f2ba71ddc3d3cc5d7ba802d76754611cf681ae427ec45face49bfea52e0

Score

10^/10

Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
stealer mercurialgrabber
Looks for VirtualBox Guest Additions in registry 2 TTPs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497
Looks for VMWare Tools registry key 2 TTPs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

Processes:

d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13.exe

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

System Information Discovery

Processes:

d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13.exe

Checks SCSI registry key(s) 3 TTPs 1 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

System Information Discovery

Processes:

d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S	d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

System Information Discovery

Processes:

d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation	d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer	d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName	d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0	d934d04fccac52d6f8ddceaceb608f3bec116928a7c0a2552b57861d465e7e13.exe