General
-
Target
1ea3b43e8a8ce761479e26f94ccf9bd5.exe
-
Size
8.8MB
-
Sample
221030-vgtbysbhck
-
MD5
1ea3b43e8a8ce761479e26f94ccf9bd5
-
SHA1
5936e36c3dd39216803c72e0841da6f6df256291
-
SHA256
5fe32142dcc57fbdf2a827abcbf92f22d0e6b84aeb1d94f7a3c1c9f674d7567b
-
SHA512
c3bfcb88839ee2d3eedda32fbdd72dbc6b29ccf8217a265eb3edd19a0b4259a273343035296ac8b34d72bcdcd28697dee509107eb99f8cd6a59bb046dbee4e59
-
SSDEEP
196608:dCdbOITPSUUpIS9u/pRDXvQhAJ4TsHhGgXZQWYhr5bi:WjTPlcI1XDXv8A2TsBGgX
Static task
static1
Behavioral task
behavioral1
Sample
1ea3b43e8a8ce761479e26f94ccf9bd5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1ea3b43e8a8ce761479e26f94ccf9bd5.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/835255995735343134/XNe_EsIHeOwVdqPUaV7pv4uxkib5RHnv_Tn6JCr4hEBupeIfyQN2tRINJsXKij_tI_Ec
Targets
-
-
Target
1ea3b43e8a8ce761479e26f94ccf9bd5.exe
-
Size
8.8MB
-
MD5
1ea3b43e8a8ce761479e26f94ccf9bd5
-
SHA1
5936e36c3dd39216803c72e0841da6f6df256291
-
SHA256
5fe32142dcc57fbdf2a827abcbf92f22d0e6b84aeb1d94f7a3c1c9f674d7567b
-
SHA512
c3bfcb88839ee2d3eedda32fbdd72dbc6b29ccf8217a265eb3edd19a0b4259a273343035296ac8b34d72bcdcd28697dee509107eb99f8cd6a59bb046dbee4e59
-
SSDEEP
196608:dCdbOITPSUUpIS9u/pRDXvQhAJ4TsHhGgXZQWYhr5bi:WjTPlcI1XDXv8A2TsBGgX
-
Matiex Main payload
-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-