Behavioral task
behavioral1
Sample
Gerador.exe
Resource
win10v2004-20230703-en
General
-
Target
Gerador.zip
-
Size
18KB
-
MD5
2054de7c18d981858987e6f7e64fd808
-
SHA1
ace760b85ad37fa12a3e65f3bfb0529362537bcf
-
SHA256
7bf8b31e20e0d651fc7ec648cde247ee0a5319c3ce80ddfa99e018dc784306f5
-
SHA512
c805d8b4f595e7fea85705908d0147ab7e774a9eecc6d35e3185b651884cfd8120941b97798b8969bffd3e41acc95b5a8357c3aed67b293a6f3355913ad053d4
-
SSDEEP
384:bP4wU+ZyKsaCC+RU9jDDrkpLHAwFM3VOQswQflX:L4j+oxauUVDr8AwCVP7kX
Malware Config
Extracted
mercurialgrabber
https://discordapp.com/api/webhooks/1137732376970141788/BSr_PjmFVxqp7BblluwN-skaCKmhCEBuP-YwdA2hmT3jW_c5O5Bp1veikMRnN19SZlMv
Signatures
-
Mercurialgrabber family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/Gerador.exe
Files
-
Gerador.zip.zip
-
Gerador.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ