General

  • Target

    output.exe

  • Size

    41KB

  • Sample

    231130-ryx5pada24

  • MD5

    1d7a4c79e7535b231928d31ca6535ffd

  • SHA1

    a27e15b259ca7a34cb0b15838431e1182dc517fa

  • SHA256

    5157330e437983223942ccc2a616c30076055ac42a878e8e50f6785942d8898c

  • SHA512

    67f4c0f03d8ca7b5045549e566ba9839d081d4e3b219af91fa8ab45c2868319126c92946f5a7c56e52707141d910f303ca3b7f1e12ef89018c45c043f74a8317

  • SSDEEP

    768:RRQiE/jz/BZ6aZpDtsuuZ2LyCTjxKZKfgm3EhmZ:RKiOZ1ZPsmLyCTlF7E8Z

Malware Config

Targets

    • Target

      output.exe

    • Size

      41KB

    • MD5

      1d7a4c79e7535b231928d31ca6535ffd

    • SHA1

      a27e15b259ca7a34cb0b15838431e1182dc517fa

    • SHA256

      5157330e437983223942ccc2a616c30076055ac42a878e8e50f6785942d8898c

    • SHA512

      67f4c0f03d8ca7b5045549e566ba9839d081d4e3b219af91fa8ab45c2868319126c92946f5a7c56e52707141d910f303ca3b7f1e12ef89018c45c043f74a8317

    • SSDEEP

      768:RRQiE/jz/BZ6aZpDtsuuZ2LyCTjxKZKfgm3EhmZ:RKiOZ1ZPsmLyCTlF7E8Z

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open-source stealer that targets Chrome, Discord and some game clients, and also collects generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMware Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect virtualized or sandboxed environments, whose firmware strings typically reveal the hypervisor vendor.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
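The four registry-based signatures above (VirtualBox Guest Additions, VMware Tools, BIOS information, drive enumeration) are the kind of behaviour a detection engineer would want to recover from a Procmon trace rather than rely on the sandbox verdict alone. The following Python is an added example, not part of this report or of Mercurial Grabber: it parses a Procmon CSV export, tags registry read operations that touch well-known anti-VM locations, and flags any process that probes at least two of them. The registry paths in ANTI_VM_PREFIXES are assumptions about what these signatures commonly refer to (the report does not list the exact keys the sample queried), and the CSV lines are constructed for illustration, not captured from the sample.

```python
import csv
import io
from collections import defaultdict

# Registry locations that anti-VM / anti-sandbox code commonly reads. These are
# assumed paths: the report names the behaviours, not the exact keys queried.
ANTI_VM_PREFIXES = [
    (r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions", "virtualbox_guest_additions"),
    (r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools", "vmware_tools"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "bios_info"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion", "bios_info"),
    (r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum", "drive_enum"),
]

# Procmon operations that represent a read/lookup rather than a write.
REGISTRY_READ_OPS = {"RegOpenKey", "RegQueryValue", "RegQueryKey",
                     "RegEnumKey", "RegEnumValue"}


def classify_path(path):
    """Return the behaviour tag for a registry path, or None if not of interest."""
    p = path.lower()
    for prefix, tag in ANTI_VM_PREFIXES:
        if p.startswith(prefix.lower()):
            return tag
    return None


def score_procmon_csv(csv_text):
    """Parse a Procmon CSV export and map each process to the set of anti-VM
    locations it looked up.

    A lookup counts whether or not the key exists: on a bare-metal host the
    VirtualBox/VMware keys return NAME NOT FOUND, and that failed lookup is
    still evidence that the process went looking for a hypervisor.
    """
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in REGISTRY_READ_OPS:
            continue
        tag = classify_path(row["Path"])
        if tag:
            hits[row["Process Name"]].add(tag)
    return dict(hits)


def flag_suspects(hits, min_tags=2):
    """Processes that touched at least `min_tags` distinct anti-VM locations.
    Requiring more than one keeps benign single reads (e.g. a shell reading
    the BIOS product name) from firing."""
    return sorted(p for p, tags in hits.items() if len(tags) >= min_tags)


# Constructed Procmon-style export for illustration (not a capture of the
# sample). The RegSetValue line is a write and must be ignored.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.001","output.exe","4120","RegOpenKey","HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions","NAME NOT FOUND","Desired Access: Read"
"10:00:01.002","output.exe","4120","RegOpenKey","HKLM\SOFTWARE\VMware, Inc.\VMware Tools","NAME NOT FOUND","Desired Access: Read"
"10:00:01.003","output.exe","4120","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer","SUCCESS","Type: REG_SZ, Length: 14, Data: LENOVO"
"10:00:01.004","output.exe","4120","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion","SUCCESS","Type: REG_MULTI_SZ"
"10:00:01.005","output.exe","4120","RegEnumKey","HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum","SUCCESS","Index: 0"
"10:00:02.100","explorer.exe","1324","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName","SUCCESS","Type: REG_SZ"
"10:00:02.200","svchost.exe","900","RegSetValue","HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions\Version","SUCCESS","Type: REG_SZ"
'''


if __name__ == "__main__":
    hits = score_procmon_csv(SAMPLE_CSV)
    for proc, tags in sorted(hits.items()):
        print(f"{proc}: {sorted(tags)}")
    print("suspects:", flag_suspects(hits))
```

To use this against a real trace, export the Procmon capture as CSV with the default columns and pass the file contents to score_procmon_csv; the threshold in flag_suspects is a starting point and should be tuned against baseline traces from the same image, since inventory and backup agents also enumerate disks and BIOS strings.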

MITRE ATT&CK Enterprise v15

Tasks