General

  • Target

    080f12837e31a21f9decc69f193b77dacd983808c7880b49649a5f17f1ecd3e2

  • Size

    41KB

  • Sample

    220530-3kvm7aahap

  • MD5

    b090bdf568356e9c568173a8e1c99b35

  • SHA1

    6fb567b594a95d50a4bf3c6819fc48ff76aac945

  • SHA256

    080f12837e31a21f9decc69f193b77dacd983808c7880b49649a5f17f1ecd3e2

  • SHA512

    e8bcfed447f0a0aaa9852b09e4cc33ac9325ee175ec35f4fccc5ed7183636af82f2d58915cbe54e6dd78e61b2a916c2b777907ce2a848052e6f6465e7655050a

Malware Config

Extracted

  • Family

    mercurialgrabber

  • C2

    https://discord.com/api/webhooks/933706745237352448/wpSorLNjgHLh0yBJySLeDulfgCXh4lcRQ7cYhew8yONGxVIunKURnr4ipfw7Ao8pJDrP

Targets

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMware Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Legitimate hosting services abused for malware hosting/C2

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.