General
Target: eulen setup.exe
Size: 168KB
Sample: 231105-lj9maadg61
MD5: 2ca228c7984f45002fca353b6a4bfedc
SHA1: 24f37766540dda7110aa3a342e137537b5e7821a
SHA256: fd0d60615c38683ae85a5ef1ab2beaed160ebe700acdcec25312339adad88fda
SHA512: 6114dbc03375ba2e4c83af3b92979294743dbb0d674ee8375f94bdb3b05642323d6c597523ccb20f7c61096631600fdb1930e1f92ae7207c36f1735ae597378a
SSDEEP: 3072:YAWpXLyTpF7EwQTZyElBXc2gjRTNKKujXjoimNxyJy/gVCp6TGJuDgN5:YAWpXgREBXcrxNUSxJoU6TD4
Behavioral task
behavioral1
Sample: eulen setup.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
Family: mercurialgrabber
Webhook (exfiltration/C2): https://discord.com/api/webhooks/917748860682657832/sSsKt4ikHoi9zkepKqNjrrQK503_MnWsxInF6XnFlC2W3mmbZI320rx6s-R3dnG3i8W3
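The extracted config is a single Discord webhook URL, which is the stealer's drop point and also a live credential: anyone holding the full URL can post to the webhook, and Discord's documented delete-with-token endpoint needs no other authentication, so treat it like a leaked secret in tickets. The following is an added example (not part of the report or of Mercurial Grabber) that turns the URL into actionable IOC fields and finds it in telemetry. It relies on two facts about Discord: webhook URLs have the shape /api/webhooks/<id>/<token>, and the id is a snowflake whose upper bits are milliseconds since the Discord epoch (1420070400000), which dates the webhook's creation. The proxy log lines are constructed for the example; the regex hostnames and the function names are my own choices.

```python
"""Parse a Mercurial Grabber Discord webhook into IOC fields and find it in telemetry."""
import re
from datetime import datetime, timezone

# Webhook taken from the extracted config in the report above.
EXTRACTED_WEBHOOK = (
    "https://discord.com/api/webhooks/917748860682657832/"
    "sSsKt4ikHoi9zkepKqNjrrQK503_MnWsxInF6XnFlC2W3mmbZI320rx6s-R3dnG3i8W3"
)
# Discord snowflake epoch: 2015-01-01T00:00:00Z in milliseconds.
DISCORD_EPOCH_MS = 1420070400000

# discord.com / discordapp.com plus the ptb. and canary. hosts; id is a snowflake,
# token is a long base64url-ish string. Hostname list is an assumption, not from the report.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{50,})"
)


def defang(url):
    """Render a URL so it cannot be clicked or auto-linked in a report."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def parse_webhook(url):
    """Return id, token, creation time (from the snowflake) and a defanged form, or None."""
    m = WEBHOOK_RE.search(url)
    if not m:
        return None
    wid = int(m.group("id"))
    # Upper 42 bits of the snowflake are ms since the Discord epoch.
    created = datetime.fromtimestamp(((wid >> 22) + DISCORD_EPOCH_MS) / 1000, tz=timezone.utc)
    return {
        "id": wid,
        "token": m.group("token"),
        "created_utc": created,
        "defanged": defang(m.group(0)),
    }


def scan_lines(lines):
    """Return (line number, webhook id) for every telemetry line carrying a Discord webhook URL."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = WEBHOOK_RE.search(line)
        if m:
            hits.append((n, int(m.group("id"))))
    return hits


# Constructed proxy log lines (not from the report): a benign Discord API call,
# the exfiltration POST to the extracted webhook, and an unrelated request.
SAMPLE_PROXY_LOG = [
    "2023-11-05T13:02:11Z WS-041 GET https://discord.com/api/v9/gateway 200",
    "2023-11-05T13:02:14Z WS-041 POST " + EXTRACTED_WEBHOOK + " 204",
    "2023-11-05T13:02:20Z WS-041 GET https://example.invalid/update 404",
]

if __name__ == "__main__":
    info = parse_webhook(EXTRACTED_WEBHOOK)
    print("webhook id:", info["id"], "created:", info["created_utc"].isoformat())
    print("defanged:", info["defanged"])
    print("telemetry hits:", scan_lines(SAMPLE_PROXY_LOG))
```

Matching on the webhook path rather than on the discord.com hostname matters: ordinary Discord client traffic to /api/v9/... is benign on most networks, while POSTs to /api/webhooks/ from a non-browser process are the exfiltration pattern this family uses.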
Targets
Target: eulen setup.exe
Size: 168KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the General section above
Score: 10/10
Signatures:
- Mercurial Grabber Stealer: Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- Looks for VirtualBox Guest Additions in registry: presence of the guest-tooling registry key is a common VM-detection check.
- Looks for VMWare Tools registry key: same VM-detection purpose as the VirtualBox check.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2: the Discord webhook in the extracted config above is the channel the stolen data is sent to.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
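Four of the signatures above are the same technique: the process reads registry locations that betray a hypervisor before deciding whether to run. The following is an added example, not code from the report or from Mercurial Grabber, that maps a process's registry API trace onto those signature names and lists the returned values that would give an analysis VM away. The report names the checks but not the key paths, so the paths below are assumptions based on the well-known locations each check implies; the API trace, process id and registry data are constructed for the example.

```python
"""Map a registry API trace onto the report's anti-VM signatures and spot sandbox giveaways."""
import re

# Assumed key paths for each report signature (well-known locations, not stated in the report).
ANTI_VM_KEYS = {
    r"software\oracle\virtualbox guest additions": "Looks for VirtualBox Guest Additions in registry",
    r"software\vmware, inc.\vmware tools": "Looks for VMWare Tools registry key",
    r"hardware\description\system\bios": "Checks BIOS information in registry",
    r"system\currentcontrolset\services\disk\enum": "Maps connected drives based on registry",
}
REGISTRY_APIS = {
    "regopenkeyexa", "regopenkeyexw", "regqueryvalueexa", "regqueryvalueexw",
    "regenumvaluea", "regenumvaluew", "ntopenkey", "ntqueryvaluekey",
}
# Substrings in registry data that name a hypervisor or its guest tooling.
VENDOR_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "xen", "virtual hd")

_HIVE = re.compile(r"^(hkey_local_machine|hklm|\\registry\\machine)\\", re.I)
_WOW = re.compile(r"\\wow6432node\\", re.I)


def normalize_key(path):
    """Lower-case, drop the HKLM hive prefix and any WOW6432Node redirection (32-bit process)."""
    path = _HIVE.sub("", path.strip())
    path = _WOW.sub(r"\\", path)
    return path.lower().rstrip("\\")


def match_signatures(trace):
    """Return {signature name: [normalized keys]} for registry calls that touch anti-VM keys."""
    hits = {}
    for ev in trace:
        if ev.get("api", "").lower() not in REGISTRY_APIS:
            continue
        key = normalize_key(ev.get("key", ""))
        for prefix, name in ANTI_VM_KEYS.items():
            if key == prefix or key.startswith(prefix + "\\"):
                hits.setdefault(name, []).append(key)
    return hits


def vendor_leaks(trace):
    """(key, value name, markers) for data returned to the process that names a hypervisor vendor."""
    leaks = []
    for ev in trace:
        data = str(ev.get("data", "")).lower()
        markers = [m for m in VENDOR_MARKERS if m in data]
        if markers:
            leaks.append((normalize_key(ev.get("key", "")), ev.get("value"), markers))
    return leaks


def verdict(trace, threshold=2):
    """Flag the trace when at least `threshold` distinct anti-VM signatures fire."""
    hits = match_signatures(trace)
    return {
        "signatures": sorted(hits),
        "likely_anti_vm": len(hits) >= threshold,
        "leaks": len(vendor_leaks(trace)),
    }


# Constructed API trace (not from the report): one process probing all four locations,
# plus an unrelated Run-key read that must not match.
SAMPLE_TRACE = [
    {"pid": 4120, "api": "RegOpenKeyExW",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions", "status": "ERROR_FILE_NOT_FOUND"},
    {"pid": 4120, "api": "RegOpenKeyExW",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools", "status": "ERROR_FILE_NOT_FOUND"},
    {"pid": 4120, "api": "RegQueryValueExW",
     "key": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS",
     "value": "SystemManufacturer", "data": "innotek GmbH"},
    {"pid": 4120, "api": "RegQueryValueExW",
     "key": r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum",
     "value": "0", "data": r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1234abcd&0&0.0.0"},
    {"pid": 4120, "api": "RegOpenKeyExW",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    print(verdict(SAMPLE_TRACE))
    for key, value, markers in vendor_leaks(SAMPLE_TRACE):
        print("sandbox giveaway:", key, value, markers)
```

The two halves serve different readers: match_signatures is the detection side (the same prefix list works against ETW or object-access audit records that carry key paths), while vendor_leaks is the sandbox-hardening side, pointing at the BIOS manufacturer and disk enumeration strings that a stealer with these checks will read before it decides to run.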