General
- Target: Sp3dyClient.rar
- Size: 42KB
- Sample: 230924-a5d7qabb9y
- MD5: a4ceef30ebf1e679728d2c72fb1265e0
- SHA1: 5425bfe0d8725e3399d90798b466d963daeca20b
- SHA256: ecdc73cb673db78176483ae4e650790ddefbdc25de41e458ff1d68f456c6feb4
- SHA512: 1b0e520e5dcd78740ad490510ec68e8f95ccaf3a16acf92ecb3ce6b2feeec352e9295de47033fccbe6c9b2aa12d0489d39800a795af49f1c6c8c145ced82c0a1
- SSDEEP: 768:jN9C1mNJnB0el3/iOKfOeGU+6mFAPLHDDB8THzNM/VeKpnrqEERsI3wI:jN9OmXn1FidfOEmFirDNuCeKpnrMLAI
Static task: static1
Behavioral task: behavioral1
- Sample: Sp3dyClient.rar
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: Sp3dyClient.rar
- Resource: win10v2004-20230915-en
Malware Config
Extracted: discordrat
- discord_token: MTExODU4NjMyMTM4MDg1MTc2Mw.GimHVz.Zy6wvVDGcOmDEO7kYdxfHcGYhSCWj8Uq47_2aQ
- server_id: 1118584897725022310
Extracted: mercurialgrabber
- https://discord.com/api/webhooks/955535971494019142/FM6zBnTdjER5pMt0_6MUvcPDRmgoY6FCITAoOwTBmRmxm5Z_gOeHH4nSog-rd3vzpBFP
Targets
- Target: Sp3dyClient.rar
- Size: 42KB
- Mercurial Grabber Stealer: Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Downloads MZ/PE file
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.