General

  • Target

    output.exe

  • Size

    41KB

  • Sample

    230914-gsbz6ace48

  • MD5

    4f44a74b82f5b05dfe9474538009c0b6

  • SHA1

    b274532d0a88ba4b49cf6e4f08b3074aa3eb8ee1

  • SHA256

    48c7a3baf593016604a12523991918dde59315ec4bffe694cd439c1c8f53b049

  • SHA512

    2bbdea4451ae1916986596c12e05266bd3c48308759a296906339f40ad4dfffda8d875c03aa0bfbef53c95054540415b55fd4a9be0437d74e1649b29e76f7f46

  • SSDEEP

    768:pscoSf3GMXfT6axpDXswguZkeTWTjxKZKfgm3EhZq:2coSfnxEeTWTlF7EPq

Malware Config

Targets

    • Target

      output.exe

    • Size

      41KB

    • MD5

      4f44a74b82f5b05dfe9474538009c0b6

    • SHA1

      b274532d0a88ba4b49cf6e4f08b3074aa3eb8ee1

    • SHA256

      48c7a3baf593016604a12523991918dde59315ec4bffe694cd439c1c8f53b049

    • SHA512

      2bbdea4451ae1916986596c12e05266bd3c48308759a296906339f40ad4dfffda8d875c03aa0bfbef53c95054540415b55fd4a9be0437d74e1649b29e76f7f46

    • SSDEEP

      768:pscoSf3GMXfT6axpDXswguZkeTWTjxKZKfgm3EhZq:2coSfnxEeTWTlF7EPq

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks