Behavioral task
behavioral1
Sample
Mercurial/MercurialGrabber.exe
Resource
win10-20220812-en
General
-
Target
Mercurial_Grabber.zip
-
Size
2.0MB
-
MD5
8e61452d128ccebcb612573f0ae0beed
-
SHA1
e627ba531ad761ca08669abceae210649247d70a
-
SHA256
88fe1b8e883a79400b981c312e1879b78206a08ebb0e0631b6361e7d5e0d757b
-
SHA512
826977cf578007ed97970d77846d3e050a6491d6f83201672ad035dea564bab6111816363f6a049f3a1b4bd4168010cd6b4268104fc17524cca15c3a5cc56fe8
-
SSDEEP
49152:EhT/CZGy6WqFjDIa9RaRDhaxTCcqGd9jkLgdk3T:EA3qZDtCD+ColGT
Malware Config
Signatures
-
StormKitty payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/Mercurial/MercurialGrabber.exe family_stormkitty -
Stormkitty family
Files
-
Mercurial_Grabber.zip.zip
-
Mercurial/MercurialGrabber.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Mercurial/README.md