General
- Target: 582adf8000db933ac1d9560465ef7b4b
- Size: 41KB
- Sample: 220622-fxj1wsgehm
- MD5: 582adf8000db933ac1d9560465ef7b4b
- SHA1: 76807d0b6ffeea94ea42c1b441c1223c93c959af
- SHA256: 2b7dc931c857da0c4e64aa5569f220f3b98490a344c56edc55173741898ba562
- SHA512: a5f3d5a86b8861f25785ad9fb2f54614075bb564a895c846118dabd2a5b45ef2ba8a740c37d8c4f1f76ec962e484b401bfa634af53d71917932e329dd2e844ac
Static task: static1
Behavioral task: behavioral1
Sample: 582adf8000db933ac1d9560465ef7b4b.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 582adf8000db933ac1d9560465ef7b4b.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted family: mercurialgrabber
C2 (Discord webhook): https://discord.com/api/webhooks/987288178752884747/4S6xp_1f5C9we3JnzXHAkblM4q3Pg1EKy7nWm9kbPGXocHRekqfTfccru11JMCc1DVD9
Targets
- Target: 582adf8000db933ac1d9560465ef7b4b
Score: 10/10
Mercurial Grabber Stealer
Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- suricata: ET MALWARE NightfallGT Mercurial Grabber
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.