General
Target: Guna.UI2.dll
Size: 3.7MB
Sample: 230903-n4g4waaa55
MD5: de97f5f8b11269f60e9b0a0d66266a4c
SHA1: ac01b2bf4238810c5db34b436f77de4c9182b1d7
SHA256: 7c6196edac2b156e5da4556f391d3486250960dab1d1ca093cd6cfdde59a3a84
SHA512: 9f196e961b8d4a1e4b3f2bf1ae4f2145978503f54460c28e95fd49b1998964f6d1c8fe8da3a6a48183d00c5645fbc28ba9d1dd1e875f008739085fb6e466ff87
SSDEEP: 24576:X8Svg5GTdeww/MRvUtyfaFVIefE4A4HXvcrZLMpsWM4RjmcPhL+HQ/jz:LTq/MGuKIh+XMCa7c
Static task: static1
Behavioral task: behavioral1
Sample: Guna.UI2.dll
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: Guna.UI2.dll
Resource: win10v2004-20230831-en
Malware Config
Extracted: mercurialgrabber
https://discord.com/api/webhooks/960950114506137713/2VnEvTnRUjX3Q7jSvAeHvgUeWoeWrHD-r2E7c3d8XPPxFaj_tSm0MlikzmnIxO4nnsn0
Targets
Target: Guna.UI2.dll
Score: 10/10
- Mercurial Grabber Stealer: Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.