General
-
Target
ImageLogger.exe
-
Size
42KB
-
Sample
220825-k7bjqaafcj
-
MD5
d72a168b68aa5278af5226db1f59a6fb
-
SHA1
01a658c3349286ba4a6dc34368d967fad859b01d
-
SHA256
c7cc706fcd020a019209a94f2efac24215f1b5cb0a964336b443a0ea70d24fa3
-
SHA512
625f95c12eb4038a9cefb74e9111e5347060b30f0f3004959d8b44af941a8d2d1db993f3bcd76ebc2f071aa76639c0200c1b6b74921dca599a36d98e22dc6345
-
SSDEEP
768:KJ3S9d04lMmcgmpduZ4Ls9TjCKZKfgm3EhWO:KJG0AWpzLs9T+F7EMO
Behavioral task
behavioral1
Sample
ImageLogger.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ImageLogger.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/971211548544618506/14fNrE_WgfMdX-C1GRaEBZFXaq4YJP6FiYBNoZBmzVXQtH76hGEshw8B-Tczk-M6JPkm
Targets
-
-
Target
ImageLogger.exe
-
Size
42KB
-
MD5
d72a168b68aa5278af5226db1f59a6fb
-
SHA1
01a658c3349286ba4a6dc34368d967fad859b01d
-
SHA256
c7cc706fcd020a019209a94f2efac24215f1b5cb0a964336b443a0ea70d24fa3
-
SHA512
625f95c12eb4038a9cefb74e9111e5347060b30f0f3004959d8b44af941a8d2d1db993f3bcd76ebc2f071aa76639c0200c1b6b74921dca599a36d98e22dc6345
-
SSDEEP
768:KJ3S9d04lMmcgmpduZ4Ls9TjCKZKfgm3EhWO:KJG0AWpzLs9T+F7EMO
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-