General
Target: output.exe
Size: 41KB
Sample: 231130-ryx5pada24
MD5: 1d7a4c79e7535b231928d31ca6535ffd
SHA1: a27e15b259ca7a34cb0b15838431e1182dc517fa
SHA256: 5157330e437983223942ccc2a616c30076055ac42a878e8e50f6785942d8898c
SHA512: 67f4c0f03d8ca7b5045549e566ba9839d081d4e3b219af91fa8ab45c2868319126c92946f5a7c56e52707141d910f303ca3b7f1e12ef89018c45c043f74a8317
SSDEEP: 768:RRQiE/jz/BZ6aZpDtsuuZ2LyCTjxKZKfgm3EhmZ:RKiOZ1ZPsmLyCTlF7E8Z
Behavioral task: behavioral1
Sample: output.exe
Resource: win10v2004-20231127-en
Malware Config
Targets
Score: 10/10
Mercurial Grabber Stealer
Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.