Behavioral task: behavioral1
Sample: df31b3fc7860b4eabb64b6673cf1fbb0b049dfe94e41d8d3c7e080fe6b1880ec.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: df31b3fc7860b4eabb64b6673cf1fbb0b049dfe94e41d8d3c7e080fe6b1880ec.exe
Resource: win10v2004-20220812-en
General
- Target: df31b3fc7860b4eabb64b6673cf1fbb0b049dfe94e41d8d3c7e080fe6b1880ec
- Size: 42KB
- MD5: 14daead92b9de032a82fe69eb67ec4d0
- SHA1: cf25b43bd3b63d76b00f986c73f850cce781dcd2
- SHA256: df31b3fc7860b4eabb64b6673cf1fbb0b049dfe94e41d8d3c7e080fe6b1880ec
- SHA512: c9c9f3afdd27ed69f4de77f2a4280360bd5e2c47ab6fea1a5a601513b9666a647a8d981f1e9e14cad0ee007c742e3db35ed66832de50e8f187fd791fefc9884f
- SSDEEP: 768:0moRgBZ6an8z5pDts+uZeL/GMTjyKZKfgm3EhbH:0mh1n8z5PseL/GMT+F7EBH
Malware Config
Extracted family: mercurialgrabber
Extracted webhook URL: https://discord.com/api/webhooks/946338467808428062/fmmZTEvI-K5ZRlswedTLLYiuPBYmwQGI4X7ryxFYBd_BclaBEyk1LxQQW5CDkKyFBx7m
Signatures
-
Mercurialgrabber family
Files
- df31b3fc7860b4eabb64b6673cf1fbb0b049dfe94e41d8d3c7e080fe6b1880ec.exe (windows x86) f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
mscoree: _CorExeMain
Sections
.text - Size: 39KB - Virtual size: 39KB - IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc - Size: 1KB - Virtual size: 1KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc - Size: 512B - Virtual size: 12B - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ