General
Target: Invite logger 3.12.3.exe
Size: 42KB
Sample: 220711-ye9gyaefh8
MD5: 931a3a1c78ebaf73cca6891a98b35b67
SHA1: 6c20d2fdf06689081a09f260dda93d817dedd7e2
SHA256: 6eff66312e545d628761a66b204224fa6db6e68f196f78a109f9d09133346699
SHA512: 5fdbe8dfa153f056b0f81f223cbc04f5ded230e9ddee98720c86660290d2436f020db5685cd0bd7284983aaacdd2db6904d314841f5e7d683150446e33fd033c
Static task: static1
Behavioral task: behavioral1
Sample: Invite logger 3.12.3.exe
Resource: win10-20220414-en
Malware Config
Extracted: mercurialgrabber
https://discord.com/api/webhooks/996073501809188886/iGeRczVTSXGK74AIMMUbFbxiNdTS42V1IL1EWU6lLCeGa3stdzKynlpVL8wWHN7LXfv_
Targets
Target: Invite logger 3.12.3.exe
Size: 42KB
MD5: 931a3a1c78ebaf73cca6891a98b35b67
SHA1: 6c20d2fdf06689081a09f260dda93d817dedd7e2
SHA256: 6eff66312e545d628761a66b204224fa6db6e68f196f78a109f9d09133346699
SHA512: 5fdbe8dfa153f056b0f81f223cbc04f5ded230e9ddee98720c86660290d2436f020db5685cd0bd7284983aaacdd2db6904d314841f5e7d683150446e33fd033c
Score: 10/10
- Mercurial Grabber Stealer
  Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients as well as generic system information.
- suricata: ET MALWARE NightfallGT Mercurial Grabber
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.