General
Target: Eulen CRACK.exe
Size: 305 KB
Sample: 231105-lpedbsdh8v
MD5: 3958a368ad941f9fa159849fee82d33a
SHA1: 98bb4bab48f2b376396c4e9b81e7a19b81fad545
SHA256: 76964d8a6b5b9b4655be96b4dac3c11dc1104918fced6f069b044e56ac2eacb3
SHA512: 9dc05a0a52c82b4b5fd269af020b3ab68ba6d322ce687470ee4779f0dc67ac51e6a0017ddc65c00c99f46b17b70ae3cedb8018ad8c38c81aa2556ba2182f582f
SSDEEP: 6144:wBlkgvV2tc40tFyavEwq86Py59kYZy5fT8fCHDIW5r1eeeW:wnbV2t/Ub8jI+Yk5fTjT5r
Behavioral task
behavioral1
Sample: Eulen CRACK.exe
Resource: win10v2004-20231023-en

Malware Config
Extracted
Family: mercurialgrabber
C2 (Discord webhook): https://discord.com/api/webhooks/965223345413042186/IE3wix7ZAbDCru6G5uDkkxivTLcLC9lZ0CNPkUn_7tf52NwqxWqpB2UuBtjuHGmnlyTk
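The extracted configuration is the most actionable part of this report: the Discord webhook is both the stealer's exfiltration endpoint and the indicator to block and report. The Python below is an added example, not part of the sandbox report and not Mercurial Grabber's own code. It hashes a buffer with the four digests the report lists and compares them against the report's indicators, then pulls Discord webhook URLs out of a string blob, searching both 8-bit text and UTF-16LE (the encoding .NET binaries use for string literals), and masks the token so the indicator can be shared safely. The SAMPLE_STRINGS buffer is constructed for the demonstration and is not the sample's real contents.

```python
import hashlib
import re

# Indicators copied from the sandbox report for Eulen CRACK.exe.
REPORT_IOCS = {
    "md5": "3958a368ad941f9fa159849fee82d33a",
    "sha1": "98bb4bab48f2b376396c4e9b81e7a19b81fad545",
    "sha256": "76964d8a6b5b9b4655be96b4dac3c11dc1104918fced6f069b044e56ac2eacb3",
    "sha512": "9dc05a0a52c82b4b5fd269af020b3ab68ba6d322ce687470ee4779f0dc67ac51"
              "e6a0017ddc65c00c99f46b17b70ae3cedb8018ad8c38c81aa2556ba2182f582f",
}
REPORT_WEBHOOK = ("https://discord.com/api/webhooks/965223345413042186/"
                  "IE3wix7ZAbDCru6G5uDkkxivTLcLC9lZ0CNPkUn_7tf52NwqxWqpB2UuBtjuHGmnlyTk")

# A Discord webhook URL is a numeric webhook id followed by an opaque token.
WEBHOOK_RE = re.compile(r"https://(?:discord|discordapp)\.com/api/webhooks/(\d+)/([A-Za-z0-9_-]+)")


def file_hashes(data):
    """Compute the four digests the report lists, so any one of them can be matched."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256", "sha512")}


def matches_ioc(data, iocs=REPORT_IOCS):
    """Return the digest names under which `data` matches the indicators (empty list = no match)."""
    digests = file_hashes(data)
    return [name for name, value in iocs.items() if digests.get(name) == value.lower()]


def candidate_texts(data):
    """Views of the buffer in which a stealer's string literals would be readable: raw 8-bit text,
    plus UTF-16LE at both byte alignments, because .NET string literals are stored as UTF-16LE."""
    yield data.decode("latin-1")
    for offset in (0, 1):
        yield data[offset:].decode("utf-16-le", errors="ignore")


def extract_discord_webhooks(data):
    """Return the unique Discord webhook URLs found in a binary blob, in order of first appearance."""
    found = []
    for text in candidate_texts(data):
        for m in WEBHOOK_RE.finditer(text):
            if m.group(0) not in found:
                found.append(m.group(0))
    return found


def redact_webhook(url):
    """Keep the webhook id (enough for an abuse report to Discord) and drop the token before sharing."""
    m = WEBHOOK_RE.fullmatch(url)
    if not m:
        return url
    return f"https://discord.com/api/webhooks/{m.group(1)}/<token redacted>"


# Constructed stand-in for a stealer's strings section (not the real sample's bytes):
# the report's webhook appears once as 8-bit text and once UTF-16LE encoded.
SAMPLE_STRINGS = (
    b"\x00Mozilla/5.0\x00" + REPORT_WEBHOOK.encode("ascii") + b"\x00"
    + b"SOFTWARE\\Oracle\\VirtualBox Guest Additions\x00"
    + b"\x00" + REPORT_WEBHOOK.encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    print("hash match:", matches_ioc(SAMPLE_STRINGS) or "none")
    for url in extract_discord_webhooks(SAMPLE_STRINGS):
        print("webhook:", redact_webhook(url))
```

Run it against a real file by passing `open(path, "rb").read()` in place of SAMPLE_STRINGS; the hash comparison is exact-match only, while the SSDEEP value in the report is what you would use to catch repacked variants.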
Targets
Target: Eulen CRACK.exe
Score: 10/10
- Mercurial Grabber Stealer: Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2: the extracted configuration points at a Discord webhook, so exfiltration traffic goes to discord.com and blends with legitimate use; the webhook URL itself is the indicator to block and to report to Discord.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
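The registry and network signatures above describe behaviour, which is what an endpoint detection can key on when the file hash changes. The Python below is an added example, not from the sandbox report and not from any EDR product. It runs that logic over a few constructed registry-access and network events (hypothetical field names, in the shape a sandbox API trace or registry telemetry feed would give): a process that touches two or more of the anti-VM keys is flagged, as is any process talking to a Discord webhook path. The key paths are the ones commonly associated with these checks and are assumptions here; the report names the signatures, not the exact keys it matched. The single VMware Tools read by vmtoolsd.exe in the sample data is there to show why one hit alone is not enough.

```python
from collections import defaultdict

# Registry keys commonly read to fingerprint VirtualBox/VMware/sandbox hosts.
# Assumed paths: the report lists signature names, not the keys it matched.
ANTI_VM_KEYS = {
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions": "VirtualBox Guest Additions",
    r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools": "VMware Tools",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": "BIOS information",
    r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum": "connected drives",
}
# One hit is common for legitimate software (VMware's own tools read their key);
# the stealer runs the whole battery, so require several distinct checks per process.
ANTI_VM_THRESHOLD = 2

WEBHOOK_HOSTS = {"discord.com", "discordapp.com"}
WEBHOOK_PATH_PREFIX = "/api/webhooks/"


def normalize_key(key):
    """Fold the hive spellings telemetry sources use into HKLM and lower-case the path."""
    key = key.replace("HKEY_LOCAL_MACHINE", "HKLM").replace("\\REGISTRY\\MACHINE", "HKLM")
    return key.rstrip("\\").lower()


ANTI_VM_LOOKUP = {normalize_key(k): v for k, v in ANTI_VM_KEYS.items()}


def classify_registry(key):
    """Return the anti-VM check a registry key belongs to (subkeys included), or None."""
    nk = normalize_key(key)
    for watched, label in ANTI_VM_LOOKUP.items():
        if nk == watched or nk.startswith(watched + "\\"):
            return label
    return None


def triage(events):
    """Group events per process; return {pid: {"image": ..., "findings": [...]}} for flagged ones."""
    anti_vm = defaultdict(set)
    webhooks = defaultdict(set)
    images = {}
    for ev in events:
        images[ev["pid"]] = ev["image"]
        if ev["type"] == "reg":
            label = classify_registry(ev["key"])
            if label:
                anti_vm[ev["pid"]].add(label)
        elif ev["type"] == "net":
            if ev["host"].lower() in WEBHOOK_HOSTS and ev["path"].startswith(WEBHOOK_PATH_PREFIX):
                webhooks[ev["pid"]].add(ev["host"] + ev["path"])
    results = {}
    for pid, image in images.items():
        findings = []
        if len(anti_vm[pid]) >= ANTI_VM_THRESHOLD:
            findings.append("anti-VM registry checks: " + ", ".join(sorted(anti_vm[pid])))
        for url in sorted(webhooks[pid]):
            findings.append("Discord webhook traffic: " + url)
        if findings:
            results[pid] = {"image": image, "findings": findings}
    return results


# Constructed telemetry (not from the sandbox run); field names are hypothetical.
STEALER = r"C:\Users\victim\Downloads\Eulen CRACK.exe"
EVENTS = [
    {"pid": 4120, "image": STEALER, "type": "reg",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions"},
    {"pid": 4120, "image": STEALER, "type": "reg", "key": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"},
    {"pid": 4120, "image": STEALER, "type": "reg", "key": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"},
    {"pid": 4120, "image": STEALER, "type": "reg", "key": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0"},
    {"pid": 4120, "image": STEALER, "type": "net", "host": "discord.com",
     "path": "/api/webhooks/965223345413042186/IE3wix7ZAbDCru6G5uDkkxivTLcLC9lZ0CNPkUn_7tf52NwqxWqpB2UuBtjuHGmnlyTk"},
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe", "type": "reg",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"},
    {"pid": 2200, "image": r"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe", "type": "reg",
     "key": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"},
]

if __name__ == "__main__":
    for pid, hit in triage(EVENTS).items():
        print(pid, hit["image"])
        for f in hit["findings"]:
            print("   ", f)
```

The threshold is the part to tune: in a fleet with VMware or VirtualBox guests, their agents will read their own key, so a single key read should never page anyone, whereas the full battery plus a webhook POST from a binary in Downloads is worth an immediate look.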