General
-
Target
stub.exe
-
Size
42KB
-
Sample
230522-3c619adh3s
-
MD5
815c1245bc05bdad3189cc6a65396207
-
SHA1
778663a46b269dc305f2e577f433ffc3b45909bd
-
SHA256
e1790e7dd80127ecb73f0a540f2ad8b4479bb97a0ecb7be807a67bc06fda94f2
-
SHA512
bedd64ebe0162fd55b74044ed4325997cf453ec0f502099337773dd0d2a4347f13ded825b7b812ba7441b6d092d2ff1a51517b2bb07882279b929c548b42e1ed
-
SSDEEP
384:sciKoRD0L2GI1Q/VNWJ2ge5So9eTYuWs/XZxIh/doJEFq5nmqoTAsCIKQsLd/Sfp:1LT+oge5b0guZ5LnoTjZKZKfgm3Eheb
Behavioral task
behavioral1
Sample
stub.exe
Resource
win10-20230220-en
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/1016435887099351190/NopdbVD5frXDLoZP3uBJeO3ESYrxVuhaIRyPJa5-BQ2gbFKRBe__Z233lKve_2jaiaDB
Targets
-
-
Target
stub.exe
-
Size
42KB
-
MD5
815c1245bc05bdad3189cc6a65396207
-
SHA1
778663a46b269dc305f2e577f433ffc3b45909bd
-
SHA256
e1790e7dd80127ecb73f0a540f2ad8b4479bb97a0ecb7be807a67bc06fda94f2
-
SHA512
bedd64ebe0162fd55b74044ed4325997cf453ec0f502099337773dd0d2a4347f13ded825b7b812ba7441b6d092d2ff1a51517b2bb07882279b929c548b42e1ed
-
SSDEEP
384:sciKoRD0L2GI1Q/VNWJ2ge5So9eTYuWs/XZxIh/doJEFq5nmqoTAsCIKQsLd/Sfp:1LT+oge5b0guZ5LnoTjZKZKfgm3Eheb
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-