mercurialgrabber | a132009149d0fb7b4ba7819bead8513632c20cb4a60714fc48c0a540b151023d | Triage

Submit
Reports

Overview

overview

Static

static

arkrillia.exe

windows10-2004-x64

Sharing

General

Target

arkrillia.exe
Size

205KB
Sample

220810-2tdwcsfhej
MD5

66aff825cf20a4a56cbb6fe58813f109
SHA1

a4080cb5ce0548ce62f48c05d2cbad30cc42c632
SHA256

a132009149d0fb7b4ba7819bead8513632c20cb4a60714fc48c0a540b151023d
SHA512

0028aaec3fda2a42d980e60a4519d1df106b865c465a2a20b75ac1173162f6911fa774978326eed5143d36c68694c60d395c3297ad800e54fed7e2c17e48b9d6

Score

10^/10

mercurialgrabber evasion stealer

Static task

static1

mercurialgrabber

1 signatures

Behavioral task

behavioral1

Sample

arkrillia.exe

Resource

win10v2004-20220721-en

mercurialgrabber evasion stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1007016849067737268/1_b8HSIrgq2JeCOH3L_DfjnxZdYrRclgRzadvbl_NmT5qaXgL7nX2ZYCcPjoGqVeN791

Targets

- Target
  
  arkrillia.exe
- Size
  
  205KB
- MD5
  
  66aff825cf20a4a56cbb6fe58813f109
- SHA1
  
  a4080cb5ce0548ce62f48c05d2cbad30cc42c632
- SHA256
  
  a132009149d0fb7b4ba7819bead8513632c20cb4a60714fc48c0a540b151023d
- SHA512
  
  0028aaec3fda2a42d980e60a4519d1df106b865c465a2a20b75ac1173162f6911fa774978326eed5143d36c68694c60d395c3297ad800e54fed7e2c17e48b9d6
Score

10^/10

mercurialgrabber evasion stealer
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberevasionstealer

© 2018-2024

Terms | Privacy