General
-
Target
niga.exe
-
Size
42KB
-
Sample
231211-rxcscsafh2
-
MD5
8ba18924c7f860703953423b641565bf
-
SHA1
baf21833047a1bb8cfff4adaae6dbba0262415e5
-
SHA256
223bcaf12720be7ff36059757ce3c8d30102ee409ef9014e857c37179532a132
-
SHA512
6150344eb25ce9a29f4281eecf5a14b8a0199dea6bb014941a8cff0a05340662d99e916b0466ec9d990c64044dc3e5010fbac7638eba1a8b8e03abf8ed4d958a
-
SSDEEP
768:SODdt/Boge5b0DuZeLWhTjsKZKfgm3Ehcb:SOf+WlLWhT4F7Eub
Behavioral task
behavioral1
Sample
niga.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/1119742399699230783/6Tji0s9YCL14TFN7Va49sn_aGPLrm5Wq9dfZQ41YrVsv2dX8iirXnEaZ5BDU5NFuEe6_
Targets
-
-
Target
niga.exe
-
Size
42KB
-
MD5
8ba18924c7f860703953423b641565bf
-
SHA1
baf21833047a1bb8cfff4adaae6dbba0262415e5
-
SHA256
223bcaf12720be7ff36059757ce3c8d30102ee409ef9014e857c37179532a132
-
SHA512
6150344eb25ce9a29f4281eecf5a14b8a0199dea6bb014941a8cff0a05340662d99e916b0466ec9d990c64044dc3e5010fbac7638eba1a8b8e03abf8ed4d958a
-
SSDEEP
768:SODdt/Boge5b0DuZeLWhTjsKZKfgm3Ehcb:SOf+WlLWhT4F7Eub
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-