General
Target: shanghai-china.png
Size: 116KB
Sample: 230428-sykd9seh85
MD5: 62532f4cdc95ea103c7553e32df4a81c
SHA1: 0908819aaae8056c0f3a006cf194e6f0c7e7533e
SHA256: 8add3189ea884a191b23bc041fe3f37d98c5ceac43645a170bf0ae7d7aa34fcb
SHA512: c7a4d5418dfec68c46335a045b3d6fc76be9b93281d59b31c89365951f45f72094bb258c0b2ec7a108ed4aead25cf4757020b01ff4dcbcad6a6b9a70b7a0a55f
SSDEEP: 3072:t8HSA1veMxROyHch6CbhDMbRazMDUzd/Qm:sSA12MR/Hch6ClDK1UBj
Static task: static1
Behavioral task: behavioral1
Sample: shanghai-china.png
Resource: win10v2004-20230220-en
Malware Config
Extracted: mercurialgrabber
Discord webhook: https://discord.com/api/webhooks/1099387908529590436/csI680QjQ0rYN47OrautZioSZMjNoV4gtJ-oJSEQllIml9uxWdhEdyeB7kzNFxzuWBnd
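The extracted config is a single Discord webhook URL, which is how Mercurial Grabber ships stolen data out. The part after the webhook ID is the webhook token: anyone holding the full URL can post to that webhook, so redact it before sharing the report. The ID itself is a Discord snowflake and carries a creation timestamp in its upper bits, which dates when the operator set the webhook up. The following script is an added example, not tria.ge's extractor and not Mercurial Grabber's own code; it assumes (the report does not say) that the stealer stores the URL as a plain ASCII or UTF-16LE string, as .NET string literals are, and the sample blob it scans is constructed here from the report's URL.

```python
"""Pull Discord webhook URLs out of a binary and date them from the webhook ID.

Added example for this report; not tria.ge's extractor and not Mercurial
Grabber's own code. Assumption (not stated by the report): the webhook is
stored as a plain ASCII or UTF-16LE string, as .NET string literals are.
"""
import re
from datetime import datetime, timezone

# Discord webhook URL: /api/webhooks/<snowflake id>/<token>. The token is the
# secret: whoever holds the full URL can post to (or delete) the webhook.
WEBHOOK_RE = re.compile(
    rb"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    rb"(\d{17,20})/([A-Za-z0-9_-]{40,})"
)
DISCORD_EPOCH_MS = 1_420_070_400_000  # 2015-01-01T00:00:00Z, Discord's snowflake epoch


def snowflake_to_unix_ms(snowflake: int) -> int:
    """Discord snowflakes keep a millisecond timestamp in their top 42 bits."""
    return (snowflake >> 22) + DISCORD_EPOCH_MS


def snowflake_to_datetime(snowflake: int) -> datetime:
    return datetime.fromtimestamp(snowflake_to_unix_ms(snowflake) // 1000, tz=timezone.utc)


def find_webhooks(blob: bytes) -> list:
    """Return the unique webhooks found in blob.

    Three byte views are searched: the raw bytes (ASCII strings) and the two
    de-interleaved halves, which turn a UTF-16LE string back into ASCII
    whichever byte alignment it starts on.
    """
    found = {}
    for view in (blob, blob[0::2], blob[1::2]):
        for m in WEBHOOK_RE.finditer(view):
            wid, token = m.group(1).decode(), m.group(2).decode()
            found.setdefault((wid, token), {
                "url": m.group(0).decode(),
                "id": wid,
                "token_redacted": token[:6] + "...",   # safe form for reports
                "created": snowflake_to_datetime(int(wid)).isoformat(),
            })
    return list(found.values())


# Constructed stand-in for the sample: the report's webhook embedded once as
# ASCII and once as UTF-16LE, surrounded by filler bytes.
REPORT_WEBHOOK = (
    "https://discord.com/api/webhooks/1099387908529590436/"
    "csI680QjQ0rYN47OrautZioSZMjNoV4gtJ-oJSEQllIml9uxWdhEdyeB7kzNFxzuWBnd"
)
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16
    + REPORT_WEBHOOK.encode("ascii") + b"\x00" * 7
    + REPORT_WEBHOOK.encode("utf-16-le") + b"\x00" * 8
)

if __name__ == "__main__":
    for hook in find_webhooks(SAMPLE_BLOB):
        print(hook["id"], hook["created"], hook["token_redacted"])
```

Run against the real file (`find_webhooks(open(path, "rb").read())`) the same function recovers the URL shown above; the `created` field for this webhook ID resolves to 2023-04-22, six days before the sample's submission date in the sample ID (230428).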
Targets
Target: shanghai-china.png
Size: 116KB
Hashes: as listed under General above (MD5 62532f4cdc95ea103c7553e32df4a81c, SHA256 8add3189ea884a191b23bc041fe3f37d98c5ceac43645a170bf0ae7d7aa34fcb)
Score: 10/10
- Mercurial Grabber Stealer: Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- Looks for VirtualBox Guest Additions in registry: the guest tools are only installed inside a VirtualBox VM, so their presence marks the host as a virtual machine.
- Looks for VMware Tools registry key: same purpose as the VirtualBox check, for VMware guests.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2: the extracted config points at a discord.com webhook.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
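The report lists the signature names but not the registry keys or hosts the sample actually touched. The script below is an added example of how such a trace-to-signature mapping works; it is not tria.ge's signature engine and not the stealer's code. The registry paths and IP-lookup hosts it matches on are an assumption: they are the well-known locations these checks are usually built on (VirtualBox Guest Additions and VMware Tools install keys, the BIOS strings under HARDWARE\DESCRIPTION\System, and the Disk\Enum device list), and the trace events it consumes are constructed here.

```python
"""Map a sandbox API trace to the behavioural signatures listed above.

Added example for this report; not tria.ge's signature engine and not the
stealer's code. Assumptions (the report names the signatures, not the exact
keys or hosts): the registry paths and IP-lookup hosts below are the ones
commodity stealers commonly probe, and the trace events are constructed.
"""
from urllib.parse import urlsplit

# Registry paths matched case-insensitively as prefixes of the opened key.
REGISTRY_SIGNATURES = {
    "Looks for VirtualBox Guest Additions in registry": (
        r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions",
    ),
    "Looks for VMware Tools registry key": (
        r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools",
    ),
    "Checks BIOS information in registry": (
        r"HKLM\HARDWARE\DESCRIPTION\System",  # SystemBiosVersion, VideoBiosVersion
    ),
    "Maps connected drives based on registry": (
        r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum",  # device IDs name VBOX/VMware
    ),
}
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com"}
ABUSED_HOSTING = {"discord.com", "discordapp.com"}
HIVE_ALIASES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def normalise_key(path: str) -> str:
    """Fold hive aliases and case so prefix comparison is reliable."""
    hive, sep, rest = path.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive.upper())
    return (hive + sep + rest).lower()


def match_signatures(events) -> dict:
    """Return {signature name: [matching events]}.

    Event shapes (field names constructed for this example):
      {"api": "RegOpenKeyExW", "key": r"HKLM\..."}
      {"api": "InternetOpenUrlW", "url": "https://..."}
    """
    hits = {}
    for ev in events:
        if "key" in ev:
            key = normalise_key(ev["key"])
            for sig, prefixes in REGISTRY_SIGNATURES.items():
                if any(key.startswith(normalise_key(p)) for p in prefixes):
                    hits.setdefault(sig, []).append(ev)
        elif "url" in ev:
            host = (urlsplit(ev["url"]).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits.setdefault("Looks up external IP address via web service", []).append(ev)
            if host in ABUSED_HOSTING:
                hits.setdefault("Legitimate hosting services abused for malware hosting/C2", []).append(ev)
    return hits


def evasion_checks(hits) -> int:
    """Count distinct VM/sandbox probes; several together is the tell, one alone is noise."""
    return sum(1 for sig in REGISTRY_SIGNATURES if sig in hits)


# Constructed trace resembling what this sample's behavioural run would show,
# plus one benign registry read to confirm it is ignored.
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions"},
    {"api": "RegOpenKeyExW", "key": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"},
    {"api": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"},
    {"api": "RegOpenKeyExW", "key": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"},
    {"api": "RegOpenKeyExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"api": "InternetOpenUrlW", "url": "https://api.ipify.org/?format=json"},
    {"api": "InternetOpenUrlW", "url": "https://discord.com/api/webhooks/1099387908529590436/REDACTED"},
]

if __name__ == "__main__":
    matched = match_signatures(SAMPLE_TRACE)
    for sig, evs in matched.items():
        print(f"{sig}: {len(evs)} event(s)")
    print("distinct evasion checks:", evasion_checks(matched))
```

The hive normalisation matters in practice: traces from different tools spell the root as HKLM or HKEY_LOCAL_MACHINE, and a prefix rule that forgets this silently misses half the hits.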