General

  • Target

    Nitro Generator.exe

  • Size

    42KB

  • Sample

    221008-bwzyhadhf3

  • MD5

    f876e8abb41050c1804a7a27472539f6

  • SHA1

    e43ac116f0960c99d9f99d4f07c1f39adc3788f1

  • SHA256

    f4fcee629d0cff0f3ef2293353bd65945f5d022872692084a2070a2be45b6955

  • SHA512

    3bdd94636d7732b2714b08d92bb84850e69222f470ba34f3c82771d81b79ddc9b85419c1c4458c767f72719bedfaf2e7548835e28d1499292e77d207ffea10e9

  • SSDEEP

    768:NiSbjAuRHCBuZMhLfvTjMLKZKfgm3Ehat:Nt9RHCrLfvTYLF7EAt

Malware Config

  • Extracted

    Family: mercurialgrabber

    C2: https://discord.com/api/webhooks/1025859706373296138/RTELJNdCxYhdj6ZzM2cwNuXYgqUFjRz_CmoH5uJORXdkYOcKOXWAB79omPP_FUG0WzNG

Targets

    • Target

      Nitro Generator.exe

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Legitimate hosting services abused for malware hosting/C2

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Virtualization/Sandbox Evasion (T1497): 2

  • Discovery

    Query Registry (T1012): 6

    Virtualization/Sandbox Evasion (T1497): 2

    System Information Discovery (T1082): 4

    Peripheral Device Discovery (T1120): 2

  • Command and Control

    Web Service (T1102): 1