mercurialgrabber | da30695ae26ed9e4aec854eccbc5b041ba5ef7f25dcdc26b5f8fc23d475892a5 | Triage

Submit
Reports

Overview

overview

Static

static

Fortnitege...ed.exe

windows7_x64

Fortnitege...ed.exe

windows10-2004_x64

Sharing

General

Target

FortnitegenUpdated.rar
Size

25KB
Sample

220609-m7dp7abfd9
MD5

b3c60f71cb065bc2280d23aa62e88ce2
SHA1

ab0e185c3487f97f9ce171464bdfd74982e26ba0
SHA256

da30695ae26ed9e4aec854eccbc5b041ba5ef7f25dcdc26b5f8fc23d475892a5
SHA512

2739c9b38861ff6f7d9737f8880b4e5fc68295ed1e2a12ad54ba40ce12a3bcad2a76eeb458606cc5b970884d46ea169a3fa4520e5a70cb5d56b4eadf449a97e8

Score

10^/10

mercurialgrabber evasion spyware stealer suricata

Static task

static1

mercurialgrabber

Behavioral task

behavioral1

Sample

FortnitegenUpdated.exe

Resource

win7-20220414-en

mercurialgrabber evasion spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FortnitegenUpdated.exe

Resource

win10v2004-20220414-en

mercurialgrabber evasion spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/970281661377937418/Mz9gbWbS5Zg8MvehHxS1RhN_SCz7z8QHf3HMOOD0gCyTGqUrttiJvVim6lz2FEWRQIzm

Targets

- Target
  
  FortnitegenUpdated.exe
- Size
  
  57KB
- MD5
  
  975a05938ac5db977386fa5786c31a1a
- SHA1
  
  4e987d5b99b7e01d1d55c0465ff796224b3d9c0c
- SHA256
  
  179bf484901224102ac56c7191af08e85ce933c8b8997c971e4a241d6fe70dfe
- SHA512
  
  87d08a2e6fdaa2d65a82d18f2cce6e4c2a358022e33709151399b3242a024bc39c987e4aac9ba099d7241b93d8cddced7c691b33a5048a23a5798bf474961dbe
Score

10^/10

mercurialgrabber evasion spyware stealer suricata
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- suricata: ET MALWARE NightfallGT Mercurial Grabber
  suricata: ET MALWARE NightfallGT Mercurial Grabber
  suricata
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberevasionspywarestealersuricata

behavioral2

mercurialgrabberevasionspywarestealersuricata

© 2018-2024

Terms | Privacy