General

Target: IMG_F2A69CB1D0CD-1.jpeg
Size: 202KB
Sample: 230429-3cwkhsed8z
MD5: 4adf394b62000084d383fe8286945cc2
SHA1: fe9110c7c6a98d41863705aff00f83d5bd874f80
SHA256: ad0cfbeb1f0290826790e561d36f12c088813d41c7f62c1307a3e976edaab10d
SHA512: b78ae3e8d20c800dc20e65b7d1831a6a6db39297e56f1405434833fb93d3b6cf37edd47d4d33b30735e0b700108ed463a0cfd0e217f4918983fef13fb9730599
SSDEEP: 3072:YyVZLoWbAapsSnHprzqFO+Ny/XB6bdt5QRby68ilm5HeJ5fHCv3KKlA:YG95dJPlN/XytSwTioeo3KKlA
Static task: static1
Behavioral task: behavioral1
Sample: IMG_F2A69CB1D0CD-1.jpg
Resource: win10v2004-20230221-en
Malware Config

Extracted: mercurialgrabber
C2 (Discord webhook): https://discord.com/api/webhooks/1102013447467696189/X2EPk6Eghk0_VSVfWoxxI1jhhmJws3jaP0srs2z-qGBe1kNQAmpH9LqJm_iAArUVB2uD
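How a config extractor can recover a webhook like the one above from a sample, shown as an added example that is not part of this report and not the sandbox's own extractor. It assumes the URL is stored in one of three common ways in a .NET stealer: as plain ASCII, as a UTF-16LE string literal, or base64-wrapped. The sample bytes are constructed for the example, and the webhook embedded in them is a fabricated placeholder in the right shape, not the one extracted above.

```python
import base64
import re
from typing import List, NamedTuple

# Shape of a Discord webhook URL: numeric snowflake id, then a URL-safe token.
# The hostnames are the ones Discord serves the webhook API on.
WEBHOOK_RE = re.compile(
    rb"https?://(?:canary\.|ptb\.)?discord(?:app)?\.com/api/webhooks/"
    rb"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{50,})"
)
# Long base64 runs that may wrap an encoded copy of the URL.
B64_RUN_RE = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")


class Webhook(NamedTuple):
    url: str
    webhook_id: str
    token: str
    encoding: str  # how the URL was stored: "ascii", "utf-16le" or "base64"
    offset: int    # byte offset in the scanned data where the string starts


def _scan(data: bytes, encoding: str, base: int, step: int) -> List[Webhook]:
    """Run WEBHOOK_RE over data; map match offsets back to the original buffer."""
    return [
        Webhook(
            url=m.group(0).decode(),
            webhook_id=m.group("id").decode(),
            token=m.group("token").decode(),
            encoding=encoding,
            offset=base + m.start() * step,
        )
        for m in WEBHOOK_RE.finditer(data)
    ]


def extract_webhooks(data: bytes) -> List[Webhook]:
    """Find Discord webhook URLs stored as plain ASCII, UTF-16LE or base64."""
    found: List[Webhook] = []
    # 1. Plain ASCII / UTF-8.
    found += _scan(data, "ascii", 0, 1)
    # 2. UTF-16LE. .NET string literals sit in the #US heap as UTF-16LE, so an
    #    ASCII URL appears with a NUL after every byte. Scan both byte
    #    alignments and confirm the interleaved bytes really are NUL.
    for align in (0, 1):
        for hit in _scan(data[align::2], "utf-16le", align, 2):
            end = hit.offset + 2 * len(hit.url)
            if all(b == 0 for b in data[hit.offset + 1:end:2]):
                found.append(hit)
    # 3. A base64-wrapped copy of either of the above. Recursing on the
    #    decoded bytes reuses the two checks above; the buffer only shrinks.
    for m in B64_RUN_RE.finditer(data):
        try:
            decoded = base64.b64decode(m.group(0), validate=True)
        except ValueError:  # wrong length or padding: not real base64
            continue
        for hit in extract_webhooks(decoded):
            found.append(hit._replace(encoding="base64", offset=m.start()))
    return found


def redact(hook: Webhook) -> str:
    """Render a hit for a report without reproducing the full token."""
    return (f"webhook id={hook.webhook_id} token={hook.token[:6]}..."
            f"({len(hook.token)} chars) stored as {hook.encoding} at 0x{hook.offset:x}")


# Constructed sample: not the report's binary. The URL is a placeholder with a
# fabricated id and token in the right shape, embedded three ways.
FAKE_URL = (b"https://discord.com/api/webhooks/123456789012345678/"
            + b"A" * 30 + b"b-c_" * 10)
SAMPLE = (
    b"\x00" * 16
    + b"padding " + FAKE_URL + b"\x00" * 8               # plain ASCII
    + FAKE_URL.decode().encode("utf-16le") + b"\x00\x00"  # as a .NET literal
    + b"cfg=" + base64.b64encode(FAKE_URL) + b";"         # base64-wrapped
)

if __name__ == "__main__":
    for hook in extract_webhooks(SAMPLE):
        print(redact(hook))
```

The UTF-16LE pass matters for .NET samples such as this family: a plain `strings` run on the binary misses the literal entirely, while the NUL-interleave check keeps the decimated scan from reporting coincidental byte patterns. Anything you report from a real sample should go through `redact` so the live token is not copied into tickets or chat.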
Targets

Target: IMG_F2A69CB1D0CD-1.jpeg
Size: 202KB
MD5: 4adf394b62000084d383fe8286945cc2
SHA1: fe9110c7c6a98d41863705aff00f83d5bd874f80
SHA256: ad0cfbeb1f0290826790e561d36f12c088813d41c7f62c1307a3e976edaab10d
SHA512: b78ae3e8d20c800dc20e65b7d1831a6a6db39297e56f1405434833fb93d3b6cf37edd47d4d33b30735e0b700108ed463a0cfd0e217f4918983fef13fb9730599
SSDEEP: 3072:YyVZLoWbAapsSnHprzqFO+Ny/XB6bdt5QRby68ilm5HeJ5fHCv3KKlA:YG95dJPlN/XytSwTioeo3KKlA
Score: 10/10
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
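A detection rule that turns the four registry-based sandbox checks listed above (VirtualBox Guest Additions, VMware Tools, BIOS information, drive mapping via Disk\Enum) into a per-process score, as an added example that is not part of this report and not the sandbox's own signature logic. The key paths are the well-known locations those checks read; the event lines are constructed for the example in a generic JSON schema standing in for whatever registry-read telemetry an EDR or sandbox API monitor records, and the process names and pids are made up. The vmtoolsd.exe and svchost.exe lines are there to show why one key hit on its own should not fire.

```python
import json
import re
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Optional, Set

# Registry locations read to fingerprint a VM or sandbox, keyed by a name that
# mirrors the report's signature wording. WOW6432Node covers 32-bit readers.
ANTI_VM_KEYS = {
    "vbox_guest_additions": re.compile(
        r"\\SOFTWARE\\(?:WOW6432Node\\)?Oracle\\VirtualBox Guest Additions", re.I),
    "vmware_tools": re.compile(
        r"\\SOFTWARE\\(?:WOW6432Node\\)?VMware, Inc\.\\VMware Tools", re.I),
    # SystemBiosVersion/VideoBiosVersion live under ...\System, the
    # manufacturer and product name under ...\System\BIOS.
    "bios_info": re.compile(
        r"\\HARDWARE\\DESCRIPTION\\System(?:\\BIOS)?(?:\\|$)", re.I),
    "disk_enum": re.compile(
        r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\Disk\\Enum", re.I),
}
READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumValue"}


class Verdict(NamedTuple):
    pid: int
    image: str
    matched: List[str]  # signature names this process triggered
    flagged: bool       # True when it triggered at least `threshold` of them


def classify_key(key: str) -> Optional[str]:
    """Name the anti-VM signature a registry path belongs to, if any."""
    for name, pattern in ANTI_VM_KEYS.items():
        if pattern.search(key):
            return name
    return None


def detect(lines: Iterable[str], threshold: int = 2) -> Dict[int, Verdict]:
    """Score each process by how many distinct anti-VM registry checks it made.

    Requiring `threshold` distinct checks keeps a single legitimate read
    (the hypervisor's own tools, a disk-enumeration service) from firing.
    """
    seen: Dict[int, Set[str]] = defaultdict(set)
    images: Dict[int, str] = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("op") not in READ_OPS:
            continue
        sig = classify_key(ev["key"])
        if sig is None:
            continue
        seen[ev["pid"]].add(sig)
        images[ev["pid"]] = ev["image"]
    return {
        pid: Verdict(pid, images[pid], sorted(sigs), len(sigs) >= threshold)
        for pid, sigs in seen.items()
    }


# Constructed trace (JSON lines) in a generic schema; real EDR or sandbox API
# logs carry the same fields under their own names. Process names and pids
# are made up for the example.
SAMPLE_TRACE = r"""
{"pid": 4120, "image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe", "op": "RegOpenKey", "key": "HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions"}
{"pid": 4120, "image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe", "op": "RegOpenKey", "key": "HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools"}
{"pid": 4120, "image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe", "op": "RegQueryValue", "key": "HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer"}
{"pid": 4120, "image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe", "op": "RegQueryValue", "key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum\\0"}
{"pid": 4120, "image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe", "op": "RegQueryValue", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Desktop"}
{"pid": 1532, "image": "C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe", "op": "RegOpenKey", "key": "HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools"}
{"pid": 812, "image": "C:\\Windows\\System32\\svchost.exe", "op": "RegQueryValue", "key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum\\Count"}
"""

if __name__ == "__main__":
    for verdict in detect(SAMPLE_TRACE.splitlines()).values():
        state = "FLAGGED" if verdict.flagged else "ok"
        print(f"{state:8} pid={verdict.pid} {verdict.image}: {', '.join(verdict.matched)}")
```

Two caveats when moving this onto real telemetry: Sysmon's registry events (12/13/14) only cover key creation, deletion, renames and value writes, so reads like these need an API-monitoring source or ETW registry tracing; and the hypervisor's own agents read exactly these keys, which is why the rule scores distinct checks per process instead of alerting on the first hit.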