General

  • Target

    2b7dc931c857da0c4e64aa5569f220f3b98490a344c56edc55173741898ba562

  • Size

    41KB

  • Sample

    220622-fzxd1agfam

  • MD5

    582adf8000db933ac1d9560465ef7b4b

  • SHA1

    76807d0b6ffeea94ea42c1b441c1223c93c959af

  • SHA256

    2b7dc931c857da0c4e64aa5569f220f3b98490a344c56edc55173741898ba562

  • SHA512

    a5f3d5a86b8861f25785ad9fb2f54614075bb564a895c846118dabd2a5b45ef2ba8a740c37d8c4f1f76ec962e484b401bfa634af53d71917932e329dd2e844ac

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/987288178752884747/4S6xp_1f5C9we3JnzXHAkblM4q3Pg1EKy7nWm9kbPGXocHRekqfTfccru11JMCc1DVD9

Targets

    • Target

      2b7dc931c857da0c4e64aa5569f220f3b98490a344c56edc55173741898ba562

    • Size

      41KB

    • MD5

      582adf8000db933ac1d9560465ef7b4b

    • SHA1

      76807d0b6ffeea94ea42c1b441c1223c93c959af

    • SHA256

      2b7dc931c857da0c4e64aa5569f220f3b98490a344c56edc55173741898ba562

    • SHA512

      a5f3d5a86b8861f25785ad9fb2f54614075bb564a895c846118dabd2a5b45ef2ba8a740c37d8c4f1f76ec962e484b401bfa634af53d71917932e329dd2e844ac

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.

    • suricata: ET MALWARE NightfallGT Mercurial Grabber

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
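The extracted C2 above is a Discord webhook, and the "Legitimate hosting services abused for malware hosting/C2" signature is the same observation from the network side. The following Python is an added example, not code from the sandbox report or from the Mercurial Grabber project: it pulls webhook URLs out of a binary blob (searching the UTF-16LE view as well as ASCII, which matters for .NET stealers such as this family, whose string literals are stored as UTF-16LE), defangs them for reporting, and decodes the webhook ID, which is a Discord snowflake, into the time the webhook was created. The sample blob is constructed here around the webhook URL from this report; it is a stand-in, not the analysed file, and the hostname variants and length bounds in the regex are assumptions.

```python
import re
from datetime import datetime, timezone

# Discord snowflake epoch, 2015-01-01T00:00:00Z, as documented by Discord.
DISCORD_EPOCH_MS = 1420070400000

# Webhook URL shape: snowflake id, then a long URL-safe token. The optional
# canary/ptb subdomains and the legacy discordapp.com host are assumptions.
WEBHOOK_RE = re.compile(
    r"https?://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/webhooks/"
    r"(\d{17,20})/([A-Za-z0-9_-]{60,})"
)

# Constructed stand-in for a sample: a few PE-looking bytes, then the webhook
# URL from this report stored the way a .NET literal is (UTF-16LE), at an odd
# byte offset so alignment handling is exercised. Not the real file.
URL = ("https://discord.com/api/webhooks/987288178752884747/"
       "4S6xp_1f5C9we3JnzXHAkblM4q3Pg1EKy7nWm9kbPGXocHRekqfTfccru11JMCc1DVD9")
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 13
          + URL.encode("utf-16-le")
          + b"\x00\x00Chrome\\Login Data\x00")


def find_webhooks(data: bytes) -> list:
    """Return de-duplicated (url, webhook_id, token) tuples found in data.

    The blob is scanned three ways: as raw single-byte text, and as UTF-16LE
    at both byte alignments, so literals from .NET binaries are caught too.
    """
    found = []
    views = [data.decode("latin-1")]
    for off in (0, 1):
        views.append(data[off:].decode("utf-16-le", errors="ignore"))
    for text in views:
        for m in WEBHOOK_RE.finditer(text):
            hit = (m.group(0), int(m.group(1)), m.group(2))
            if hit not in found:
                found.append(hit)
    return found


def snowflake_created(snowflake: int) -> datetime:
    """Creation time encoded in a Discord snowflake (top 42 bits, ms)."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc)


def defang(url: str) -> str:
    """Make the URL safe to paste into a report: hxxps and bracketed dots."""
    scheme, rest = url.split("://", 1)
    host, path = rest.split("/", 1)
    return f"hxxp{scheme[4:]}://{host.replace('.', '[.]')}/{path}"


def report(data: bytes) -> list:
    """Summarise each webhook without reproducing the full token."""
    out = []
    for url, wid, token in find_webhooks(data):
        out.append({
            "c2": defang(url),
            "webhook_id": wid,
            "webhook_created": snowflake_created(wid).isoformat(),
            "token_len": len(token),
        })
    return out


if __name__ == "__main__":
    for entry in report(SAMPLE):
        print(entry)
```

The webhook creation time gives a lower bound on when the campaign was set up, which is useful when the sample itself carries no reliable timestamp. The extracted webhook is an IOC in its own right: it can be blocked at egress and reported to Discord for removal, and an analyst should avoid sending requests to it from an attributable address, since a POST to it delivers to the operator's channel.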

MITRE ATT&CK Enterprise v6

Tasks