General

Target: Mercurial_Grabber.zip
Size: 2.0MB
Sample: 230123-ssaymsfd91
MD5: 8e61452d128ccebcb612573f0ae0beed
SHA1: e627ba531ad761ca08669abceae210649247d70a
SHA256: 88fe1b8e883a79400b981c312e1879b78206a08ebb0e0631b6361e7d5e0d757b
SHA512: 826977cf578007ed97970d77846d3e050a6491d6f83201672ad035dea564bab6111816363f6a049f3a1b4bd4168010cd6b4268104fc17524cca15c3a5cc56fe8
SSDEEP: 49152:EhT/CZGy6WqFjDIa9RaRDhaxTCcqGd9jkLgdk3T:EA3qZDtCD+ColGT
Behavioral task: behavioral1

Sample: Mercurial/MercurialGrabber.exe
Resource: win10-20220812-en

Malware Config

Targets

Target: Mercurial/MercurialGrabber.exe
Size: 2.0MB
MD5: 8edade6405cfed1d90d791a4b5fbb4de
SHA1: e91421329b339d2e73129ce8a5d5a7f15534812e
SHA256: ca8d96e59856fff2dba01a6844e636f882b6a57aa8c059827bc8e5417a5a134e
SHA512: 815ea7f5b649954ada59895e0737c076ca1d71a144d18e2d640e82d1ec4db5f9e75a376c00ca97e4514b8ce318cf157aec0a01c15fe8774ddcf944d382e94812
SSDEEP: 49152:T4/o7K1lja8Gdq7ZMHbLjSR9SBl5c9Tc+MGlDKVXhWd9/2A:U/zXjaL4ZMHbLjQElAcfMDz
Score: 10/10

Signatures

StormKitty payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.