General

  • Target: Eulen CRACK.exe
  • Size: 305KB
  • Sample: 231105-lpedbsdh8v
  • MD5: 3958a368ad941f9fa159849fee82d33a
  • SHA1: 98bb4bab48f2b376396c4e9b81e7a19b81fad545
  • SHA256: 76964d8a6b5b9b4655be96b4dac3c11dc1104918fced6f069b044e56ac2eacb3
  • SHA512: 9dc05a0a52c82b4b5fd269af020b3ab68ba6d322ce687470ee4779f0dc67ac51e6a0017ddc65c00c99f46b17b70ae3cedb8018ad8c38c81aa2556ba2182f582f
  • SSDEEP: 6144:wBlkgvV2tc40tFyavEwq86Py59kYZy5fT8fCHDIW5r1eeeW:wnbV2t/Ub8jI+Yk5fTjT5r

Malware Config

Extracted

  • Family: mercurialgrabber
  • C2: https://discord.com/api/webhooks/965223345413042186/IE3wix7ZAbDCru6G5uDkkxivTLcLC9lZ0CNPkUn_7tf52NwqxWqpB2UuBtjuHGmnlyTk

Targets

    • Target: Eulen CRACK.exe


    • Mercurial Grabber Stealer
      Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
    • Looks for VirtualBox Guest Additions in registry
    • Looks for VMware Tools registry key
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Legitimate hosting services abused for malware hosting/C2
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Maps connected drives based on registry
      Disk information is often read in order to detect sandboxing environments.
