mercurialgrabber | 708b43bf82bcdfbb1e69e7304e9cebc6d93f1bf41f323ea324a2680439a65059 | Triage

Submit
Reports

Overview

overview

Static

static

gamesense.exe

windows10-1703-x64

Resubmissions

20-09-2022 07:09

220920-hzaw4scbh8 10

Sharing

General

Target

gamesense.exe.exe
Size

42KB
Sample

220920-hzaw4scbh8
MD5

6448b01d93a9e5a9742c502bc55a5fa6
SHA1

c6370a76f787c5e00f3285661e48ec2d119ceb61
SHA256

708b43bf82bcdfbb1e69e7304e9cebc6d93f1bf41f323ea324a2680439a65059
SHA512

73bba2a50fc6f2e867f031d0fed87b943c9d912827e44f5fd02e6f7b54e389f5fbd9237f1c26aeab08bac09df1ad0c49265779f07bc31ca9b789bbb8d960d710
SSDEEP

384:/EKq4RXR2iYeQj15jRMdRRSgxfYTxUs/XZxIh/3oJEFq5nmtjTAsQKQsLd/SfgUf://ErORMfiuZBLUjTjQKZKfgm3EhBA

Score

10^/10

mercurialgrabber evasion spyware stealer

Static task

static1

mercurialgrabber

1 signatures

Behavioral task

behavioral1

Sample

gamesense.exe

Resource

win10-20220812-en

mercurialgrabber evasion spyware stealer

windows10-1703-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discordapp.com/api/webhooks/988865232166342696/iJ0tnhVZRP1yseNXNTzXGYDaQXwQjFYvvlHL82pQJvxCF1Jo0Ew-qVlBfQ-LpAf_17JJ

Targets

- Target
  
  gamesense.exe.exe
- Size
  
  42KB
- MD5
  
  6448b01d93a9e5a9742c502bc55a5fa6
- SHA1
  
  c6370a76f787c5e00f3285661e48ec2d119ceb61
- SHA256
  
  708b43bf82bcdfbb1e69e7304e9cebc6d93f1bf41f323ea324a2680439a65059
- SHA512
  
  73bba2a50fc6f2e867f031d0fed87b943c9d912827e44f5fd02e6f7b54e389f5fbd9237f1c26aeab08bac09df1ad0c49265779f07bc31ca9b789bbb8d960d710
- SSDEEP
  
  384:/EKq4RXR2iYeQj15jRMdRRSgxfYTxUs/XZxIh/3oJEFq5nmtjTAsQKQsLd/SfgUf://ErORMfiuZBLUjTjQKZKfgm3EhBA
Score

10^/10

mercurialgrabber evasion spyware stealer
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberevasionspywarestealer

© 2018-2024

Terms | Privacy