Behavioral task: behavioral1
Sample: 35dcf1c817340d9938f0a8478b92338e.exe
Resource: win7-20231201-en
Behavioral task: behavioral2
Sample: 35dcf1c817340d9938f0a8478b92338e.exe
Resource: win10v2004-20231201-en
General
- Target: 35dcf1c817340d9938f0a8478b92338e
- Size: 251KB
- MD5: 35dcf1c817340d9938f0a8478b92338e
- SHA1: 980b817caa2cda630f95be067959a7c34600930d
- SHA256: 03593fe7ab4471441b73c2d48ee9587ef41f9f41b98ce1a28eb8137f4e5a7071
- SHA512: b83aee412b66e85301cc56a6c912dd990b7fc94a6e5db4736a138c874245c2f978eedefa87ed7445b0bad0fcf02f5863bc14e9c378b18d5e545139bfe1559858
- SSDEEP: 3072:84GU9L+TQF7E6gOkIEgTmPDIyzX9qcEKt6t6lN0yfTPoICZJDU7Ty2oN2cdRW0pS:84T9tfwMIzb93JN3TAICLn2gRW0
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/895696644769734676/h-RPuBKOeNBaezQKFt0t3g-8NrdJ5st8Lgpb-M4OlS_7IhJ5Z2V3c0wFIOXKn-2uxkNo
Signatures
- Mercurialgrabber family
- Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource 35dcf1c817340d9938f0a8478b92338e
Files
-
35dcf1c817340d9938f0a8478b92338e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 210KB - Virtual size: 210KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ