General

  • Target

    Fentanyl-main.zip

  • Size

    12KB

  • Sample

    230506-n6efrsbc8t

  • MD5

    502a3c2c9ab1d1687617f74cc16fd657

  • SHA1

    6161703d84b17f0ad7b5a91c5f10d891cc953ba2

  • SHA256

    353a195df0e3a85480363b5d5380f318a3500e6f633fff32f2e6b1a69d7d2de9

  • SHA512

    1d86b734be25aa4ded6893f16c441126a1d2ec0e27f5af23f2ea34029ea8ff88857f4049aa6f85b88826da068f714fffb59aeeaf2959cfcb4808fbfd8793361d

  • SSDEEP

    192:/N0pFBCOLvR2qOk1ladFNRuis3UXTpqhWiSBaJptChSHJFetz+NQi2xy:l0pGIRFOkrQPu9UohY4tChSHutfi6y

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1104377812602851368/c0t8rEMynJvEwJwDOmp8f601_HYfPxcy52MRmpGl0wPRqD4AHpKUnJfsYWXsbLX3KiaO

Targets

    • Target

      Fentanyl-main/fenty.py

    • Size

      43KB

    • MD5

      80a9c77af8e34f3c2b0f26552138d708

    • SHA1

      6e277b177bc9f128d40d737f9cbee1e64372154b

    • SHA256

      70376ae9437efcd92034825528cc12f1c0e03c1a4f965aabb3377d2a19e1d4f7

    • SHA512

      bb57de1c451204593da2f88c639c01454b46be7a3df0c843590fb808f6a7a83c1a5a423ec324ee78bb6e8f83b6b5f84181b198c54e6b227ce01814c36ab37723

    • SSDEEP

      768:9xZv9vMn8Gc1HVpQHIfcDFdOAvTW5OpAqlG1ePoXHo9vwoa3KEKa8qgVeMEX:VFknC1HVpQHIfuFdOAvZAqxEHka8qgVY

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks