General

  • Target: output.exe
  • Size: 41KB
  • Sample: 231211-r1rexshedp
  • MD5: 843a57277980982def2dad520c5a1d0b
  • SHA1: c2e750363240a1dfd4321bd463dc680b6c7d2bbf
  • SHA256: bdc9ea17594271c8b3aa4ac3626727a536ed183136ff5a4fc37230c75f92aa2a
  • SHA512: 986a2f795d6c2e03c0b3df06c662ecbe87eaa994cce2c4205065c797832bab9f8a46413492d340e8bc8b5b08fae1b8fc78d4af77e48de9d1ddb5b2bb7eaf3cab
  • SSDEEP: 768:RscaIiIqfT6aGpDXswguZkeKWTj7KZKfgm3EhUB:uc1ofnGEeKWT3F7E2B

Malware Config

Extracted

  • Family: mercurialgrabber
  • C2: https://discord.com/api/webhooks/1183780082771312660/evkkPtS32fk9bZmhMVHMdW4u2vZ3bcZYFftzbtuI1wVwu8420wfOaOJZO1ATr3bSelv_

Targets

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMware Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
