General
-
Target
trackware leaked +++.exe
-
Size
46KB
-
Sample
230801-rrhfnagc72
-
MD5
95bc936675673e99ce66592a5f172096
-
SHA1
67bbcf11ea8bbf0763668d316b89243b0e9beb52
-
SHA256
79de9f5d80b52488f8427eaa1a9b7972d658feeeca739831e196c3ded68650b5
-
SHA512
6f36167e33cf6f38331a50c019edf3608107f6231415f4578c3e152ae4a092155567121580b0c717c5e36a0f0a2cc045620ac747a805ccff9011b960f661bf3d
-
SSDEEP
768:BjLBbKKqqI2SrZDhuZiLHDTj9KZKfgm3EhAS7mca:HNqH2ofLHDT5F7EaXz
Behavioral task
behavioral1
Sample
trackware leaked +++.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/1135556677366726792/KD7Ycd_y48McCdSP6hRTNv7oki6HzrPMjDpnfHaEmRKHmqHyI3M9f323bNCSBItoYij3
Targets
-
-
Target
trackware leaked +++.exe
-
Size
46KB
-
MD5
95bc936675673e99ce66592a5f172096
-
SHA1
67bbcf11ea8bbf0763668d316b89243b0e9beb52
-
SHA256
79de9f5d80b52488f8427eaa1a9b7972d658feeeca739831e196c3ded68650b5
-
SHA512
6f36167e33cf6f38331a50c019edf3608107f6231415f4578c3e152ae4a092155567121580b0c717c5e36a0f0a2cc045620ac747a805ccff9011b960f661bf3d
-
SSDEEP
768:BjLBbKKqqI2SrZDhuZiLHDTj9KZKfgm3EhAS7mca:HNqH2ofLHDT5F7EaXz
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-