Behavioral task
behavioral1
Sample
FNMods By dzekonunkramponu_1907.exe
Resource
win10v2004-20230621-en
General
-
Target
FNMods By dzekonunkramponu_1907.exe
-
Size
41KB
-
MD5
2476c03ed785f2e8d6f650166b8bc8a2
-
SHA1
6204bb5ea7a1be798fc96282ef8addfc28448a08
-
SHA256
1e55f962f30eed4176308e40c93919ab29009b5fafe60f3dd4c9f4555a3602c3
-
SHA512
89aca4571c8791f6fbb05faec947789ad33acfd72f03eaee8c452f8dd597bdfcd7080d7ecc35a9522920a20209d29922f79f7b17262598278edcab2cc669d395
-
SSDEEP
768:evscaIyI8SPuHKwnuZCeiWTjzKZKfgm3Ehxl:Zc1++OZeiWTPF7E/l
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/1122463751438872596/e_mrqsTymmDv97OA5__A-io6FrMPIUzm2y3P2O1YYqxy7SHhq_IXwnW1DfphiCgwtS26
Signatures
-
Mercurialgrabber family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource FNMods By dzekonunkramponu_1907.exe
Files
-
FNMods By dzekonunkramponu_1907.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ