General
Target: output.exe
Size: 41KB
Sample: 231211-r1rexshedp
MD5: 843a57277980982def2dad520c5a1d0b
SHA1: c2e750363240a1dfd4321bd463dc680b6c7d2bbf
SHA256: bdc9ea17594271c8b3aa4ac3626727a536ed183136ff5a4fc37230c75f92aa2a
SHA512: 986a2f795d6c2e03c0b3df06c662ecbe87eaa994cce2c4205065c797832bab9f8a46413492d340e8bc8b5b08fae1b8fc78d4af77e48de9d1ddb5b2bb7eaf3cab
SSDEEP: 768:RscaIiIqfT6aGpDXswguZkeKWTj7KZKfgm3EhUB:uc1ofnGEeKWT3F7E2B
Behavioral task: behavioral1
Sample: output.exe
Resource: win10v2004-20231127-en

Malware Config
Extracted family: mercurialgrabber
Extracted C2 (Discord webhook): https://discord.com/api/webhooks/1183780082771312660/evkkPtS32fk9bZmhMVHMdW4u2vZ3bcZYFftzbtuI1wVwu8420wfOaOJZO1ATr3bSelv_
Targets
Target: output.exe
Score: 10/10

Signatures
- Mercurial Grabber Stealer
  Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.