General

  • Target

    trackware leaked +++.exe

  • Size

    46KB

  • Sample

    230801-rrhfnagc72

  • MD5

    95bc936675673e99ce66592a5f172096

  • SHA1

    67bbcf11ea8bbf0763668d316b89243b0e9beb52

  • SHA256

    79de9f5d80b52488f8427eaa1a9b7972d658feeeca739831e196c3ded68650b5

  • SHA512

    6f36167e33cf6f38331a50c019edf3608107f6231415f4578c3e152ae4a092155567121580b0c717c5e36a0f0a2cc045620ac747a805ccff9011b960f661bf3d

  • SSDEEP

    768:BjLBbKKqqI2SrZDhuZiLHDTj9KZKfgm3EhAS7mca:HNqH2ofLHDT5F7EaXz

Malware Config

  • Extracted

    • Family

      mercurialgrabber

    • C2

      https://discord.com/api/webhooks/1135556677366726792/KD7Ycd_y48McCdSP6hRTNv7oki6HzrPMjDpnfHaEmRKHmqHyI3M9f323bNCSBItoYij3

Targets

    • Target

      trackware leaked +++.exe

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks