General
- Target: FortFire_V6.exe
- Size: 306KB
- Sample: 231213-tas7yagdb8
- MD5: 06adcf99da75a5a0441217993686f2b8
- SHA1: 9028f5197b15fd3c047703a77888afb6969ed462
- SHA256: 27215c86d52acc289f22159da5aa094fe57ffd92b4ecd50e8364ce7e413f7948
- SHA512: 919333a2545a2a4c6a2e6a6bf6f065d167fccfda71224febeb85c472f8f57b882440d7526a4726066f825c1ae46204a5e1a995e1458c2d9b32e2d5cd9699ed77
- SSDEEP: 768:YdXCfT4lMmkDgmpjuZmL6M/TjfKZKfgm3EhNDp7qwEFIZJxfx7uRT:YwTASpLL6M/TjF7EvDl6IZ75i
Behavioral tasks
- behavioral1: Sample FortFire_V6.exe, Resource win7-20231020-en
- behavioral2: Sample FortFire_V6.exe, Resource win10v2004-20231130-en
Malware Config
- Extracted family: mercurialgrabber
- C2 (Discord webhook): https://canary.discord.com/api/webhooks/1171148657458958417/b4eXbtxR2mg7kdanZqAf670H2pdhuCNlUO-CliCgpEeixMJqY7nW67Iqy6ZP1CwQcP9u
Targets
- Target: FortFire_V6.exe
- Size: 306KB
- Score: 10/10
Signatures
- Mercurial Grabber Stealer
  Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.