General

  • Target

    KRNLExecutor.exe

  • Size

    41KB

  • MD5

    d1a288a97979ddd09085cc9ad0162b62

  • SHA1

    d213f7f6f069db9c1fb72cb76ca4440541461c7c

  • SHA256

    1e0474476d1eba6ed4ea3e6c2bdc368412f60862db3ee84e096eb800a8c884bc

  • SHA512

    ff143047d8278c16c2fb139ac7318d0dd8f92f4b46f35c18c19f58e254eb1e79d259d1365ad458f656b089c66918c7bf4fe5cc7a9c826d0754ac31b249317947

  • SSDEEP

    768:nscaIiIq3KHWOJTw3quZ5e9WTjoKZKfgm3Eh41:sc1KKHHo9e9WT8F7Ee1

Score
10/10

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1118262451083939971/HmXFycDXvS2LObQqqJVwfiGcZuZwJqZAp7f-PUmUyVxXQyBedsiYC04ShgyVOokXniGF

Signatures

  • Mercurialgrabber family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • KRNLExecutor.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744
