General

  • Target

    loader.exe

  • Size

    41KB

  • Sample

    230510-2pexvscd6y

  • MD5

    9f02da05646b00832f452f5bde9480e0

  • SHA1

    ccb0db7f8843049918b2c9266acc75bb1c7f3549

  • SHA256

    b5b1829125c7c5655729da03466ada32d2e53af8757863b7f0735e3cd9d30ddd

  • SHA512

    0d81b60eccb18df95f5b634733548541a1b9715b41686e962576326b2c813d25f4690d594df5d6228c02467f0a58e05a3a959a9f5b639b398c07e5efb9e71d5a

  • SSDEEP

    768:BscaIiIqfT6aGpDXsweuZ2e8IWTj62KZKfgm3EhVv:+c1ofnGsefWTu2F7ETv

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1000839791375548446/NI07AlVKhi3B0q-zNiY-EoNkL4_ZgTCvDkd-WMgVdQ58-cHmRuaWDv4qqDDnD7SjoCms
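
The C2 above is a Discord webhook, and the report's extractor evidently found it in cleartext. The following is an added example, not the sandbox's own config extractor, of how to pull such webhooks out of a raw sample and turn them into report-ready IOCs. It assumes only that the URL is stored unencrypted, and scans both plain ASCII and the UTF-16LE that .NET assemblies such as Mercurial Grabber use for user strings; the sample bytes, webhook ids and tokens in the block are constructed, not taken from this report. Two facts about Discord it relies on: a snowflake id encodes its creation time (ms since 2015-01-01 UTC in the top 42 bits), which dates the operator's setup, and the "Delete Webhook with Token" endpoint needs no credential beyond the token, so whoever holds an extracted token can revoke the C2.

```python
"""Pull Discord webhook C2 URLs out of a raw sample and turn them into IOCs.

Added example, not the sandbox's own config extractor. It assumes only that
the webhook is stored in cleartext and scans both plain ASCII and the
UTF-16LE that .NET assemblies such as Mercurial Grabber use for strings.
"""
import hashlib
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Webhook shape: <host>/api/webhooks/<snowflake id>/<token>. ptb./canary.
# and discordapp.com are alternate hosts Discord still serves.
WEBHOOK_RE = re.compile(
    rb"https?://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/webhooks/"
    rb"(\d{17,20})/([A-Za-z0-9_-]{50,100})"
)
DISCORD_EPOCH = datetime(2015, 1, 1, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Webhook:
    url: str
    webhook_id: int
    token: str
    encoding: str  # "ascii" or "utf-16le": how the string sat in the binary

    @property
    def created_at(self) -> datetime:
        # Snowflake: top 42 bits are ms since the Discord epoch.
        return DISCORD_EPOCH + timedelta(milliseconds=self.webhook_id >> 22)

    @property
    def defanged(self) -> str:
        # Report-safe form: scheme and dot broken, token truncated.
        host = self.url.split("/api/webhooks/")[0]
        host = host.replace("https://", "hxxps://").replace("http://", "hxxp://")
        return f"{host.replace('.com', '[.]com')}/api/webhooks/{self.webhook_id}/{self.token[:6]}..."

    @property
    def takedown_request(self) -> str:
        # "Delete Webhook with Token": no auth beyond the token itself.
        return f"DELETE https://discord.com/api/webhooks/{self.webhook_id}/{self.token}"


def utf16le_matches(data: bytes):
    """Yield WEBHOOK_RE matches over UTF-16LE text at either byte alignment.

    Low bytes are decimated out and matched; the interleaved high bytes are
    then required to be zero so a hit is real UTF-16LE, not a fluke.
    """
    for offset in (0, 1):
        narrow = data[offset::2]
        for m in WEBHOOK_RE.finditer(narrow):
            highs = data[offset + 2 * m.start() + 1: offset + 2 * m.end(): 2]
            if not any(highs):
                yield m


def extract_webhooks(data: bytes) -> list:
    """Return each distinct webhook found; first occurrence wins."""
    found = {}

    def record(m, encoding):
        url = m.group(0).decode("ascii")
        found.setdefault(url, Webhook(url, int(m.group(1)),
                                      m.group(2).decode("ascii"), encoding))

    for m in WEBHOOK_RE.finditer(data):
        record(m, "ascii")
    for m in utf16le_matches(data):
        record(m, "utf-16le")
    return list(found.values())


def iocs(data: bytes) -> dict:
    """Hashes as the report lists them plus defanged C2s for a blocklist."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "c2": [w.defanged for w in extract_webhooks(data)],
    }


# Constructed stand-in for a sample: two webhooks with made-up ids and
# tokens, one ASCII and one UTF-16LE at an odd offset, mixed with junk
# bytes and a decoy Discord API URL that must not match.
TOKEN_A = "a1B2c3" + "x" * 62            # 68 chars, the length Discord issues
TOKEN_B = "Zz9-_Q" + "y" * 62
URL_A = f"https://discord.com/api/webhooks/{238_000_000_000 << 22}/{TOKEN_A}"
URL_B = f"https://discordapp.com/api/webhooks/{240_000_000_000 << 22}/{TOKEN_B}"
SAMPLE = (b"MZ\x90\x00" + bytes(range(256)) + URL_A.encode("ascii") + b"\x00"
          + b"https://discord.com/api/v9/users/@me\x00" + b"\x01"
          + URL_B.encode("utf-16le") + b"\x00\x00" + bytes(64))

if __name__ == "__main__":
    for w in extract_webhooks(SAMPLE):
        print(w.encoding, w.defanged, w.created_at.date(), w.takedown_request[:48])
    print(iocs(SAMPLE)["sha256"])
```

Run it against the real file by reading loader.exe into `data` in place of `SAMPLE`; the high-byte check in `utf16le_matches` is what keeps the UTF-16LE pass from producing false hits on packed or random sections, which a plain `strings -el` pass does not give you.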

Targets

    • Target

      loader.exe

    • Size

      41KB

    • MD5

      9f02da05646b00832f452f5bde9480e0

    • SHA1

      ccb0db7f8843049918b2c9266acc75bb1c7f3549

    • SHA256

      b5b1829125c7c5655729da03466ada32d2e53af8757863b7f0735e3cd9d30ddd

    • SHA512

      0d81b60eccb18df95f5b634733548541a1b9715b41686e962576326b2c813d25f4690d594df5d6228c02467f0a58e05a3a959a9f5b639b398c07e5efb9e71d5a

    • SSDEEP

      768:BscaIiIqfT6aGpDXsweuZ2e8IWTj62KZKfgm3EhVv:+c1ofnGsefWTu2F7ETv

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

      The extracted C2 is a Discord webhook, so exfiltration goes over TLS to a legitimate, widely allowed domain rather than to attacker-owned infrastructure.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
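
The four registry signatures above and the IP-lookup signature all describe reads, and reads are the one registry operation most endpoint telemetry does not record (Sysmon's registry events cover key create/delete, value set and rename only), so they show up in sandbox, Procmon or ETW traces rather than in a SIEM. As an added example, not the sandbox's own rule set, the block below maps Procmon-style events onto the signature names used in this report and, for value reads, notes whether the data actually returned would have exposed the VM. The key paths and vendor strings are the locations such checks commonly read and are an assumption, not something the report lists; the trace lines are constructed in Procmon's CSV column layout.

```python
"""Map registry and network events from a process trace onto the sandbox's
anti-VM and IP-lookup signatures.

Added example, not the sandbox's own rule set. Key paths and vendor strings
are assumed common check locations; the trace below is constructed.
"""
import csv
import io
import re
from dataclasses import dataclass
from typing import Optional

HIVE_ALIASES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu",
                "hkey_users": "hku", "hkey_classes_root": "hkcr"}
REG_OPS = {"regopenkey", "regqueryvalue", "regquerykey", "regenumvalue", "regenumkey"}
NET_OPS = {"tcp connect", "tcp send", "udp send"}

# (signature, regex over the normalised key path, vendor strings whose
# presence in the returned data would give the VM away)
REGISTRY_SIGNATURES = [
    ("Looks for VirtualBox Guest Additions in registry",
     r"^hklm\\software\\oracle\\virtualbox guest additions", ()),
    ("Looks for VMWare Tools registry key",
     r"^hklm\\software\\vmware, inc\.\\vmware tools", ()),
    ("Checks BIOS information in registry",
     r"^hklm\\hardware\\description\\system\\bios\\",
     ("vmware", "virtualbox", "vbox", "innotek", "qemu", "xen")),
    ("Maps connected drives based on registry",
     r"^hklm\\system\\(currentcontrolset|controlset\d+)\\services\\disk\\enum\\",
     ("vbox", "vmware", "qemu", "virtual")),
]
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com",
                   "icanhazip.com", "checkip.amazonaws.com"}


@dataclass(frozen=True)
class Finding:
    signature: str
    path: str
    exposed: Optional[str]  # vendor string the read actually returned, if any


def normalise_key(path: str) -> str:
    """Lower-case, forward slashes to backslashes, long hive names to short."""
    path = path.strip().lower().replace("/", "\\")
    hive, sep, rest = path.partition("\\")
    return HIVE_ALIASES.get(hive, hive) + sep + rest


def returned_data(detail: str) -> str:
    # Procmon's Detail column for a value read ends with 'Data: <value>'.
    m = re.search(r"Data:\s*(.*)$", detail)
    return m.group(1).strip().lower() if m else ""


def classify_trace(csv_text: str) -> list:
    """Return one Finding per event that matches a signature, in trace order."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        op = row["Operation"].strip().lower()
        path, detail = row["Path"], row.get("Detail") or ""
        if op in REG_OPS:
            key = normalise_key(path)
            for name, pattern, vendors in REGISTRY_SIGNATURES:
                if re.match(pattern, key):
                    data = returned_data(detail)
                    hit = next((v for v in vendors if v in data), None)
                    findings.append(Finding(name, path, hit))
        elif op in NET_OPS:
            # Procmon network path is 'src:port -> dst:port'; keep the host.
            host = path.split("->")[-1].strip().rsplit(":", 1)[0].lower()
            if host in IP_LOOKUP_HOSTS:
                findings.append(Finding("Looks up external IP address via web service", host, None))
    return findings


# Constructed trace in Procmon CSV layout: the four anti-VM reads, an
# unrelated Run-key read that must not match, and one IP-lookup connect.
TRACE = r"""Operation,Path,Result,Detail
RegOpenKey,HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions,NAME NOT FOUND,Desired Access: Read
RegOpenKey,"HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools",NAME NOT FOUND,Desired Access: Read
RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer,SUCCESS,"Type: REG_SZ, Length: 26, Data: innotek GmbH"
RegQueryValue,HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0,SUCCESS,"Type: REG_SZ, Length: 120, Data: IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1234abcd&0&0.0.0"
RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Loader,NAME NOT FOUND,Length: 144
TCP Connect,DESKTOP-1:49712 -> api.ipify.org:443,SUCCESS,Length: 0
"""

if __name__ == "__main__":
    for f in classify_trace(TRACE):
        print(f"{f.signature:50} {f.path}  exposed={f.exposed}")
```

The `exposed` field is the useful part when tuning a sandbox: a NAME NOT FOUND on the Guest Additions key is harmless, but a BIOS or Disk\Enum read that returns "innotek" or "VBOX" means the environment answered the evasion check honestly and the sample may have bailed before reaching the stealer code.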

MITRE ATT&CK Enterprise v6

Tasks