General
Target: 14-11-2023_VUBSUFEkriWDh1D.rar
Size: 11.6MB
Sample: 231114-lajz9sad3z
MD5: 4be2e7f28c6fd64cee77c73f46359548
SHA1: 327a78d1f0b87418d612c656592b7d5b57d260d3
SHA256: ba21c2f23d365ac2809dac09e2b41c2b345d17bef526ad6623b6920ea28dc61b
SHA512: 243bdf001ec81fcfb23c22806be8e12cf273053aeb62a10c2051f3c2943c8e35d687bca1d0e5f0a2335a96666d928ed6c3cf1e0063b70d9e4f7a6bb9c0ff9191
SSDEEP: 196608:L1ePaxxQJH2eFEdbHBhg2Xkb/8tz6GSh41KTx6G981T2JV15sjl+oBnlTyZW+mrn:LgPmeN6AjE6GSCKNL15gllnMPoEfENAq
Behavioral tasks
behavioral1: AveryNuker-main/RUN THIS.bat (resource: win10-20231023-en)
behavioral2: AveryNuker-main/Scraped/avery.exe (resource: win10-20231020-en)
behavioral3: AveryNuker-main/avery.exe (resource: win10-20231023-en)
behavioral4: AveryNuker-main/avery.py (resource: win10-20231020-en)
Malware Config
Extracted family: mercurialgrabber
Discord webhook: https://discord.com/api/webhooks/887304484844339250/sTQt9knbeiUf2bJPMZ4uxOEZ2mFmxtbw1S3JZvhKpMU-hSQtSzNllJidmjM8oJmI2wpt
Targets

Target: AveryNuker-main/RUN THIS.bat
Size: 36B
MD5: ac5a055121ce64833b6f28e89d4e0f97
SHA1: b0404dc53ce85b2dedf78fda85b78e05f11df767
SHA256: e66438d809880170de240ae93b75cbe261aeb2532051f58d3cb0fad276555d9d
SHA512: b1ceac00c176195c642497f7a19025f2d9b4487b7db35a29434b4a56eef0eb2dba0ebed17b802e90b37b7ac3c472d0e9dfc7cfb6e4489d49510f31ed306eb417
Score: 10/10
Signatures:
- Mercurial Grabber Stealer
  Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
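The webhook listed under Malware Config and the registry-based sandbox checks flagged above (the same signature set appears for both RUN THIS.bat and avery.exe) are indicators an analyst can corroborate statically before detonating anything. The Python script below is an added example, not part of this sandbox report and not code from the AveryNuker repository or from Mercurial Grabber: it pulls Discord webhook URLs out of a binary's strings and flags the registry paths behind the signatures listed. Mercurial Grabber is written in C#, so strings in the binary are usually UTF-16LE; the scanner therefore reads both a byte-string view and UTF-16LE views at both byte alignments. The registry key paths (Oracle\VirtualBox Guest Additions, VMware, Inc.\VMware Tools, HARDWARE\DESCRIPTION\System\BIOS, Services\Disk\Enum) are the conventional keys for those checks and are an assumption here, since the report names the behaviours but not the keys. The sample blob and the webhook inside it are constructed placeholders, not the report's extracted value.

```python
"""Static triage helper (added example): recover Discord webhook URLs and
anti-VM registry artifacts from a sample's strings without running it."""
import re
import sys
from typing import Dict, Iterator, List

# Discord webhook: numeric id followed by a long URL-safe token. Covers the
# discord.com, discordapp.com, ptb and canary hosts.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/\d{17,20}/[A-Za-z0-9_\-]{60,}"
)

# Assumed registry paths behind the report's signatures (conventional keys;
# the report names the behaviour, not the key it reads).
ANTI_VM_MARKERS: Dict[str, str] = {
    "VirtualBox Guest Additions": r"SOFTWARE\Oracle\VirtualBox Guest Additions",
    "VMware Tools": r"SOFTWARE\VMware, Inc.\VMware Tools",
    "BIOS information": r"HARDWARE\DESCRIPTION\System\BIOS",
    "Mapped drives": r"SYSTEM\CurrentControlSet\Services\Disk\Enum",
}


def _candidate_texts(data: bytes) -> Iterator[str]:
    """Yield the raw byte-string view plus UTF-16LE views at both alignments:
    .NET binaries (Mercurial Grabber is C#) store strings as wide characters,
    and a wide string may start at an odd file offset."""
    yield data.decode("latin-1")
    for offset in (0, 1):
        yield data[offset:].decode("utf-16-le", errors="ignore")


def extract_webhooks(data: bytes) -> List[str]:
    """Return unique webhook URLs found in any string view, in discovery order."""
    found: List[str] = []
    for text in _candidate_texts(data):
        for url in WEBHOOK_RE.findall(text):
            if url not in found:
                found.append(url)
    return found


def find_anti_vm_markers(data: bytes) -> List[str]:
    """Return the names of the anti-VM/sandbox registry paths present in the strings."""
    views = [t.lower() for t in _candidate_texts(data)]
    return [name for name, key in ANTI_VM_MARKERS.items()
            if any(key.lower() in view for view in views)]


def triage(data: bytes) -> Dict[str, List[str]]:
    """Bundle both checks the way a config extractor would report them."""
    return {"webhooks": extract_webhooks(data), "anti_vm": find_anti_vm_markers(data)}


# Constructed sample blob: a placeholder webhook (NOT the one from the report) as
# an ASCII string, one registry key as an odd-aligned UTF-16LE string, and one
# registry key as ASCII. 16 header bytes + 121 bytes of URL puts the wide
# string at offset 137, so only the offset-1 UTF-16LE view can decode it.
FAKE_WEBHOOK = "https://discord.com/api/webhooks/000000000000000001/ExampleToken_" + "0" * 55
SAMPLE = (
    b"MZ" + b"\x00" * 14
    + FAKE_WEBHOOK.encode() + b"\x00"
    + r"SOFTWARE\Oracle\VirtualBox Guest Additions".encode("utf-16-le") + b"\x00\x00"
    + rb"HARDWARE\DESCRIPTION\System\BIOS" + b"\x00"
)

if __name__ == "__main__":
    # Pass a file path to scan a real sample; with no argument, scan the constructed blob.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, values in triage(blob).items():
        print(f"{key}: {values}")
```

Run it against an extracted avery.exe to confirm the webhook the sandbox reported; a hit on the anti-VM keys explains why the sample may behave differently in a bare VM than on the sandbox's hardened images, and a recovered webhook is the indicator to block and to hand to Discord for takedown.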

Target: AveryNuker-main/Scraped/avery.exe
Size: 11.8MB
MD5: 3787b2b88bacbc10782d9ff6f9fe7d9a
SHA1: d7d4f3fdd821981a9f30ce26f93bb8dd09f7a36d
SHA256: 7e4422eb6169de27b1eec071c4fdbdb82ec4b91f73c09b27cd6015403f717ca8
SHA512: b02dfd7d21ff3229be32aac1ac4f05713cb157b0f5ee758bfd67ca81047be95979df022796014757272d8c47a1148fcbe3c83ccb2f9a9e36f580d34c9d7322a6
SSDEEP: 196608:Zm0DeG/M9onJ5hrZERdW3q+09iq2pPefB2WZufOuD9LaKyPgVFccckLQuxHGvi9v:neGk9c5hlERblh2pW2WmfDZhkUL+OGq
Score: 7/10
Signatures:
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: AveryNuker-main/avery.exe
Size: 41KB
MD5: 975e8aed42ef6368efd5a66204d4818a
SHA1: 5d48ef440ba147a27dfa5236fcbf426a34a21e2a
SHA256: 24e33a4716587fc8f330f77da68493f52b46311cf0e87681dd35e4ce6b912e51
SHA512: 07ea3d9d56f897021858490da38ce84747e788c8c5a8b49e8d9c021e8b57a97a9d54efe851b06afc08bfc4687c374ad7d5d02baa94188ae3d0f13fd8727caee6
SSDEEP: 768:TscG4ApfT6aGpDXswguZkeVWTjUHKZKfgm3Ehqt:IcKfnGEeVWTUF7EEt
Score: 10/10
Signatures:
- Mercurial Grabber Stealer
  Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.

Target: AveryNuker-main/avery.py
Size: 17KB
MD5: f7f34aad4e7521d7e4358abfa3f6f715
SHA1: dfc0b706cfe3e634a56d7c06be2efca5a3cabfa7
SHA256: d8b1d13e052ad38bd7e88f325d94aaf8ca245d96fa310545cb6d618ab1ab4d7d
SHA512: 0c5d9e34479a1d1bfff7117dfc943c84882e26beb5a26bdfc8e79f1309179428fe40e1ea2aa65f94006be9725f98b6c0ac372b8cad1d6803129d2ae5cb65cdb6
SSDEEP: 192:ADhumGIrgD51a3de6kklVkpK6/fB/dzB0po2E/4/Jll71JQj5fh81JhT8c0ONsEZ:ADhumGz543Q6kell71JQhh81JhLNso
Score: 3/10
Signatures: none reported