Overview
General
Target: 14-11-2023_VUBSUFEkriWDh1D.rar
Size: 11.6MB
Sample: 231114-ll8srsbb73
MD5: 4be2e7f28c6fd64cee77c73f46359548
SHA1: 327a78d1f0b87418d612c656592b7d5b57d260d3
SHA256: ba21c2f23d365ac2809dac09e2b41c2b345d17bef526ad6623b6920ea28dc61b
SHA512: 243bdf001ec81fcfb23c22806be8e12cf273053aeb62a10c2051f3c2943c8e35d687bca1d0e5f0a2335a96666d928ed6c3cf1e0063b70d9e4f7a6bb9c0ff9191
SSDEEP: 196608:L1ePaxxQJH2eFEdbHBhg2Xkb/8tz6GSh41KTx6G981T2JV15sjl+oBnlTyZW+mrn:LgPmeN6AjE6GSCKNL15gllnMPoEfENAq
Behavioral tasks
- behavioral1: 14-11-2023_VUBSUFEkriWDh1D.rar (resource: win10-20231023-en)
- behavioral2: AveryNuker-main/README.md (resource: win10-20231020-en)
- behavioral3: AveryNuker-main/RUN THIS.bat (resource: win10-20231020-en)
- behavioral4: AveryNuker-main/Scraped/avery.exe (resource: win10-20231020-en)
- behavioral5: avery.pyc (resource: win10-20231020-en)
- behavioral6: AveryNuker-main/Scraped/channels.txt (resource: win10-20231023-en)
- behavioral7: AveryNuker-main/Scraped/members.txt (resource: win10-20231020-en)
- behavioral8: AveryNuker-main/Scraped/roles.txt (resource: win10-20231020-en)
- behavioral9: AveryNuker-main/avery.exe (resource: win10-20231025-en)
- behavioral10: AveryNuker-main/avery.py (resource: win10-20231023-en)
Malware Config
Extracted family: mercurialgrabber
Webhook: https://discord.com/api/webhooks/887304484844339250/sTQt9knbeiUf2bJPMZ4uxOEZ2mFmxtbw1S3JZvhKpMU-hSQtSzNllJidmjM8oJmI2wpt
Targets

Target: 14-11-2023_VUBSUFEkriWDh1D.rar
Size: 11.6MB
MD5: 4be2e7f28c6fd64cee77c73f46359548
SHA1: 327a78d1f0b87418d612c656592b7d5b57d260d3
SHA256: ba21c2f23d365ac2809dac09e2b41c2b345d17bef526ad6623b6920ea28dc61b
SHA512: 243bdf001ec81fcfb23c22806be8e12cf273053aeb62a10c2051f3c2943c8e35d687bca1d0e5f0a2335a96666d928ed6c3cf1e0063b70d9e4f7a6bb9c0ff9191
SSDEEP: 196608:L1ePaxxQJH2eFEdbHBhg2Xkb/8tz6GSh41KTx6G981T2JV15sjl+oBnlTyZW+mrn:LgPmeN6AjE6GSCKNL15gllnMPoEfENAq
Score: 3/10

Target: AveryNuker-main/README.md
Size: 509B
MD5: 8c4cc448b17e491a5063c6d4933f34e8
SHA1: 773b60c9ce1ef5c67e8d73c81690c62ac30a63df
SHA256: 09b8d1616b1abe73c3f610424158555c08858063a25564fe7beb774036dfe91d
SHA512: e3c2b572d79638852ec16e8c86e0c81328533d333a1b89b5ab81681097a77a9eadd632fefd62d15f63033bcd99223874d49ba6aecf1ccf6e0297f16f44bb24d0
Score: 3/10

Target: AveryNuker-main/RUN THIS.bat
Size: 36B
MD5: ac5a055121ce64833b6f28e89d4e0f97
SHA1: b0404dc53ce85b2dedf78fda85b78e05f11df767
SHA256: e66438d809880170de240ae93b75cbe261aeb2532051f58d3cb0fad276555d9d
SHA512: b1ceac00c176195c642497f7a19025f2d9b4487b7db35a29434b4a56eef0eb2dba0ebed17b802e90b37b7ac3c472d0e9dfc7cfb6e4489d49510f31ed306eb417
Score: 10/10
Signatures:
- Mercurial Grabber Stealer: Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.

Target: AveryNuker-main/Scraped/avery.exe
Size: 11.8MB
MD5: 3787b2b88bacbc10782d9ff6f9fe7d9a
SHA1: d7d4f3fdd821981a9f30ce26f93bb8dd09f7a36d
SHA256: 7e4422eb6169de27b1eec071c4fdbdb82ec4b91f73c09b27cd6015403f717ca8
SHA512: b02dfd7d21ff3229be32aac1ac4f05713cb157b0f5ee758bfd67ca81047be95979df022796014757272d8c47a1148fcbe3c83ccb2f9a9e36f580d34c9d7322a6
SSDEEP: 196608:Zm0DeG/M9onJ5hrZERdW3q+09iq2pPefB2WZufOuD9LaKyPgVFccckLQuxHGvi9v:neGk9c5hlERblh2pW2WmfDZhkUL+OGq
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: avery.pyc
Size: 24KB
MD5: 721d94f7c25e4f62de411a739ae1633b
SHA1: 59e9639c597c7134c28bc42420a56d440ce38185
SHA256: 9f85bf1bca3fd5687f9873a56d39732be8616982878f0b3908ee85aa0955aadf
SHA512: 806bfe0ff5ae7ad808c9ef67ef5ee35a58fa7fe5844591791434c326e198037864c562a5817048fbb62b43374220383d3b25cc5bd9ddfb52456378133534a9fe
SSDEEP: 768:go61VcV5OPr9gSUVojeX8eZp9hzSsHWji+NvUmpzhlN:l61j9PioCrDzSsHV+hUGlN
Score: 3/10

Target: AveryNuker-main/Scraped/channels.txt
Size: 2B
MD5: 81051bcc2cf1bedf378224b0a93e2877
SHA1: ba8ab5a0280b953aa97435ff8946cbcbb2755a27
SHA256: 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
SHA512: 1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d
Score: 1/10

Target: AveryNuker-main/Scraped/members.txt
Size: 2B
MD5: 81051bcc2cf1bedf378224b0a93e2877
SHA1: ba8ab5a0280b953aa97435ff8946cbcbb2755a27
SHA256: 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
SHA512: 1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d
Score: 1/10

Target: AveryNuker-main/Scraped/roles.txt
Size: 2B
MD5: 81051bcc2cf1bedf378224b0a93e2877
SHA1: ba8ab5a0280b953aa97435ff8946cbcbb2755a27
SHA256: 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
SHA512: 1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d
Score: 1/10

Target: AveryNuker-main/avery.exe
Size: 41KB
MD5: 975e8aed42ef6368efd5a66204d4818a
SHA1: 5d48ef440ba147a27dfa5236fcbf426a34a21e2a
SHA256: 24e33a4716587fc8f330f77da68493f52b46311cf0e87681dd35e4ce6b912e51
SHA512: 07ea3d9d56f897021858490da38ce84747e788c8c5a8b49e8d9c021e8b57a97a9d54efe851b06afc08bfc4687c374ad7d5d02baa94188ae3d0f13fd8727caee6
SSDEEP: 768:TscG4ApfT6aGpDXswguZkeVWTjUHKZKfgm3Ehqt:IcKfnGEeVWTUF7EEt
Score: 10/10
Signatures:
- Mercurial Grabber Stealer: Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.

Target: AveryNuker-main/avery.py
Size: 17KB
MD5: f7f34aad4e7521d7e4358abfa3f6f715
SHA1: dfc0b706cfe3e634a56d7c06be2efca5a3cabfa7
SHA256: d8b1d13e052ad38bd7e88f325d94aaf8ca245d96fa310545cb6d618ab1ab4d7d
SHA512: 0c5d9e34479a1d1bfff7117dfc943c84882e26beb5a26bdfc8e79f1309179428fe40e1ea2aa65f94006be9725f98b6c0ac372b8cad1d6803129d2ae5cb65cdb6
SSDEEP: 192:ADhumGIrgD51a3de6kklVkpK6/fB/dzB0po2E/4/Jll71JQj5fh81JhT8c0ONsEZ:ADhumGz543Q6kell71JQhh81JhLNso
Score: 3/10