Behavioral task
behavioral1
Sample
stub.exe
Resource
win10-20230220-en
General
-
Target
stub.exe
-
Size
42KB
-
MD5
815c1245bc05bdad3189cc6a65396207
-
SHA1
778663a46b269dc305f2e577f433ffc3b45909bd
-
SHA256
e1790e7dd80127ecb73f0a540f2ad8b4479bb97a0ecb7be807a67bc06fda94f2
-
SHA512
bedd64ebe0162fd55b74044ed4325997cf453ec0f502099337773dd0d2a4347f13ded825b7b812ba7441b6d092d2ff1a51517b2bb07882279b929c548b42e1ed
-
SSDEEP
384:sciKoRD0L2GI1Q/VNWJ2ge5So9eTYuWs/XZxIh/doJEFq5nmqoTAsCIKQsLd/Sfp:1LT+oge5b0guZ5LnoTjZKZKfgm3Eheb
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/1016435887099351190/NopdbVD5frXDLoZP3uBJeO3ESYrxVuhaIRyPJa5-BQ2gbFKRBe__Z233lKve_2jaiaDB
Signatures
-
Mercurialgrabber family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource stub.exe
Files
-
stub.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ