Behavioral task: behavioral1
Sample: output.exe
Resource: win10v2004-20231127-en
General
Target: output.exe
Size: 41KB
MD5: 843a57277980982def2dad520c5a1d0b
SHA1: c2e750363240a1dfd4321bd463dc680b6c7d2bbf
SHA256: bdc9ea17594271c8b3aa4ac3626727a536ed183136ff5a4fc37230c75f92aa2a
SHA512: 986a2f795d6c2e03c0b3df06c662ecbe87eaa994cce2c4205065c797832bab9f8a46413492d340e8bc8b5b08fae1b8fc78d4af77e48de9d1ddb5b2bb7eaf3cab
SSDEEP: 768:RscaIiIqfT6aGpDXswguZkeKWTj7KZKfgm3EhUB:uc1ofnGEeKWT3F7E2B
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/1183780082771312660/evkkPtS32fk9bZmhMVHMdW4u2vZ3bcZYFftzbtuI1wVwu8420wfOaOJZO1ATr3bSelv_
Signatures
Mercurialgrabber family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource output.exe
Files
output.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ