General
Target: ez panel v1.00.exe
Size: 190KB
Sample: 221220-bqnchsge45
MD5: 81d63db02fc4340a0a650afcdb4ad52f
SHA1: d05fde23581b854d545eb999b828972e459c2e2f
SHA256: 29d15fe37016d36b92515e8fa662e4716fbceb997f8fc4953ccf44f3044751f8
SHA512: 1649a75be6b827c8c518f2cd56669896e26a3980a8dee93313a537c842ae9449b16c3b3095b14093c45c718513528012e7f86546a3c942f113b7f4749ba99176
SSDEEP: 1536:2Mhto0LYSTpF7EHZpeDY4nwPcySMh/21z:2H0L9TpF7EHZpeU4wkySMh/
Behavioral task: behavioral1
Sample: ez panel v1.00.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: ez panel v1.00.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: mercurialgrabber
Extracted C2 (Discord webhook): https://discord.com/api/webhooks/1047651409690099852/ZgKSrCZ-jJU-Qcge9dQmjydFOs1yONzShLWmXVSPFU8KmQyBM4-4z79eckSacZbvp6dS
Targets
Target: ez panel v1.00.exe
Score: 10/10

- Mercurial Grabber Stealer: Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.