General
Target: Scarlet Fire.mp3.exe.vir
Size: 70KB
Sample: 220617-yalkbaffc5
MD5: 57924054a1b3516c97641003c14c58e8
SHA1: 9270f1beecf71d576a62eeb9bd72bfef62630fcf
SHA256: 3a4749bc15a6dc1d86629e0bdac7c7ab8b928ce48e3f52d64adf191eef785cb3
SHA512: 5cf2ba72fc2163a40398ec98cdeb9d631d5d9fe870488f63fe1092f3ae2aa4c68f226059c7acf1eff36695c00dc7afbdc36016ebc643b46b5e41dd9a24e36e60
Static task: static1
Behavioral task: behavioral1
  Sample: Scarlet Fire.mp3.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Scarlet Fire.mp3.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: mercurialgrabber
https://discord.com/api/webhooks/987060454520143972/rPz8q4JjnA4mh1R92et8VKh7pvMkSOZ4EGEy_g6NnzZinjwIOl7CP5pwIMe1ys9bICw9
Targets
Target: Scarlet Fire.mp3.exe.vir (70KB; same MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Mercurial Grabber Stealer
Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- suricata: ET MALWARE NightfallGT Mercurial Grabber
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.