General

  • Target

    FortFire_V6.exe

  • Size

    306KB

  • Sample

    231213-tas7yagdb8

  • MD5

    06adcf99da75a5a0441217993686f2b8

  • SHA1

    9028f5197b15fd3c047703a77888afb6969ed462

  • SHA256

    27215c86d52acc289f22159da5aa094fe57ffd92b4ecd50e8364ce7e413f7948

  • SHA512

    919333a2545a2a4c6a2e6a6bf6f065d167fccfda71224febeb85c472f8f57b882440d7526a4726066f825c1ae46204a5e1a995e1458c2d9b32e2d5cd9699ed77

  • SSDEEP

    768:YdXCfT4lMmkDgmpjuZmL6M/TjfKZKfgm3EhNDp7qwEFIZJxfx7uRT:YwTASpLL6M/TjF7EvDl6IZ75i

Malware Config

Extracted

Family

mercurialgrabber

C2

https://canary.discord.com/api/webhooks/1171148657458958417/b4eXbtxR2mg7kdanZqAf670H2pdhuCNlUO-CliCgpEeixMJqY7nW67Iqy6ZP1CwQcP9u

Targets

    • Target

      FortFire_V6.exe

    • Size

      306KB

    • MD5

      06adcf99da75a5a0441217993686f2b8

    • SHA1

      9028f5197b15fd3c047703a77888afb6969ed462

    • SHA256

      27215c86d52acc289f22159da5aa094fe57ffd92b4ecd50e8364ce7e413f7948

    • SHA512

      919333a2545a2a4c6a2e6a6bf6f065d167fccfda71224febeb85c472f8f57b882440d7526a4726066f825c1ae46204a5e1a995e1458c2d9b32e2d5cd9699ed77

    • SSDEEP

      768:YdXCfT4lMmkDgmpjuZmL6M/TjfKZKfgm3EhNDp7qwEFIZJxfx7uRT:YwTASpLL6M/TjF7EvDl6IZ75i

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks