General
Target: Jordies Cookie Logger.exe.bin
Size: 239KB
Sample: 230501-yhmscagb24
MD5: 4f5db82ceae051a334e9934a8f04654e
SHA1: c2718aee26af1ea6fd7a79493856acf04a4ecc7b
SHA256: 1d3c2f8e3ea55e8c6bd2ea0f4e6c9af2f46b18b2ee6b1bb0b84989ec3aa35afa
SHA512: 99994eecbd54778fe3eb048616320fd9286ec4ccbc498b3646e7f04ddc7d16da4bc19f2f7a7f03f2496356110f51855f947a8a8e6a077b66d573aa957db656fd
SSDEEP: 1536:yc1FGfdHQmRcUemWTdF7E38QXjmDP1ssFRj8GIrE0Kh:z1FGfPebTdF7EMojmDP1nR7
Behavioral task: behavioral1
Sample: Jordies Cookie Logger.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: Jordies Cookie Logger.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: mercurialgrabber
https://discord.com/api/webhooks/1102311336144281651/AggFDc030bCWL6dhEwpzvuepwnDNY48ohf4BcCNpOjj5RGlV9Top-zhP77-q70dVzYx3
Targets
Target: Jordies Cookie Logger.exe.bin
Score: 10/10
- Mercurial Grabber Stealer
  Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.