mercurialgrabber | 6eff66312e545d628761a66b204224fa6db6e68f196f78a109f9d09133346699 | Triage

Submit
Reports

Overview

overview

Static

static

Invite log....3.exe

windows10_x64

Sharing

General

Target

Invite logger 3.12.3.exe
Size

42KB
Sample

220711-ye9gyaefh8
MD5

931a3a1c78ebaf73cca6891a98b35b67
SHA1

6c20d2fdf06689081a09f260dda93d817dedd7e2
SHA256

6eff66312e545d628761a66b204224fa6db6e68f196f78a109f9d09133346699
SHA512

5fdbe8dfa153f056b0f81f223cbc04f5ded230e9ddee98720c86660290d2436f020db5685cd0bd7284983aaacdd2db6904d314841f5e7d683150446e33fd033c

Score

10^/10

mercurialgrabber evasion spyware stealer suricata

Static task

static1

mercurialgrabber

Behavioral task

behavioral1

Sample

Invite logger 3.12.3.exe

Resource

win10-20220414-en

mercurialgrabber evasion spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/996073501809188886/iGeRczVTSXGK74AIMMUbFbxiNdTS42V1IL1EWU6lLCeGa3stdzKynlpVL8wWHN7LXfv_

Targets

- Target
  
  Invite logger 3.12.3.exe
- Size
  
  42KB
- MD5
  
  931a3a1c78ebaf73cca6891a98b35b67
- SHA1
  
  6c20d2fdf06689081a09f260dda93d817dedd7e2
- SHA256
  
  6eff66312e545d628761a66b204224fa6db6e68f196f78a109f9d09133346699
- SHA512
  
  5fdbe8dfa153f056b0f81f223cbc04f5ded230e9ddee98720c86660290d2436f020db5685cd0bd7284983aaacdd2db6904d314841f5e7d683150446e33fd033c
Score

10^/10

mercurialgrabber evasion spyware stealer suricata
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- suricata: ET MALWARE NightfallGT Mercurial Grabber
  suricata: ET MALWARE NightfallGT Mercurial Grabber
  suricata
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberevasionspywarestealersuricata

© 2018-2024

Terms | Privacy