General

  • Target

    62a6dfddfea9f3b07840eab13c01fd6a

  • Size

    42KB

  • Sample

    231219-ved49abea9

  • MD5

    62a6dfddfea9f3b07840eab13c01fd6a

  • SHA1

    03dc4618e49b3652ece0d00063b975c64572bf8e

  • SHA256

    f1a1a87288448f8783207ac8a63509508fb49cdcf2e12e655528e42d2eb7da1b

  • SHA512

    d754eb9bd4bb46728239ac0c104833aac28d7b287d3c1f36b77517b9bd75c47870c4210f75989048f3bd043f9f385604341cb5d16e06edeff1b3494c7217d7ca

  • SSDEEP

    768:08QiQ2KKqqI28Tj6rZDJuZ2LV0TjWKZKfgm3EhSu:ZNqH28TjQ7LV0TSF7E0u

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/895521762614325278/0cQkzrsvVLdfDncYsHihutoyrWOX3m8Y_0gjrP9RiveAWp-5BR5p3VaKFSEf9_j-SY8m
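The C2 above is a Discord webhook, so the infostealer's exfiltration channel is a single URL that embeds both the webhook ID and its secret token. As an added example (not part of the sandbox report or of Mercurial Grabber's own code), the Python below pulls Discord webhook URLs out of any text recovered from a sample (a strings dump, a memory image, a proxy log), defangs them for a write-up and decodes the webhook ID, which is a Discord snowflake, into the time the webhook was created; that bounds how long the attacker's channel has existed. The hostname variants in the regex come from Discord's public API rather than from this report, and the string dump it runs over is constructed.

```python
"""Triage helper for Discord-webhook C2 (added example, not from the report or
from the Mercurial Grabber code base)."""
import re
from datetime import datetime, timezone

# Webhook URLs have the form https://discord.com/api/webhooks/<id>/<token>.
# The alternate hosts (discordapp.com, ptb./canary. subdomains) are taken from
# Discord's public API, not from this report.
WEBHOOK_RE = re.compile(
    r"https?://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{60,})"
)

# Discord snowflakes store milliseconds since 2015-01-01T00:00:00Z in their
# upper 42 bits; the low 22 bits are worker/process/sequence fields.
DISCORD_EPOCH_MS = 1_420_070_400_000


def snowflake_to_datetime(snowflake: int) -> datetime:
    """Decode the creation timestamp embedded in a Discord snowflake ID."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def defang(url: str) -> str:
    """Render a URL non-clickable for reports: hxxps://discord[.]com/..."""
    scheme, _, rest = url.partition("://")
    host, _, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}/{path}"


def extract_webhooks(text: str) -> list[dict]:
    """Return one record per Discord webhook URL found in `text`."""
    found = []
    for m in WEBHOOK_RE.finditer(text):
        wid = int(m.group("id"))
        found.append({
            "url": m.group(0),
            "defanged": defang(m.group(0)),
            "webhook_id": wid,
            # The token is the whole credential: anyone holding it can post to the channel.
            "token": m.group("token"),
            "created_utc": snowflake_to_datetime(wid).isoformat(timespec="seconds"),
        })
    return found


# Constructed stand-in for `strings` output from the sample. The webhook URL is
# the C2 listed in this report; the other lines are made-up noise, including a
# non-webhook Discord API URL that must not match.
SAMPLE_STRINGS = """\
kernel32.dll
GetVolumeInformationW
https://discord.com/api/v9/users/@me
https://discord.com/api/webhooks/895521762614325278/0cQkzrsvVLdfDncYsHihutoyrWOX3m8Y_0gjrP9RiveAWp-5BR5p3VaKFSEf9_j-SY8m
"""

if __name__ == "__main__":
    for hit in extract_webhooks(SAMPLE_STRINGS):
        print(hit["defanged"])
        print(f"  webhook id {hit['webhook_id']} created {hit['created_utc']}")
    # -> webhook id 895521762614325278 created 2021-10-07T04:03:46+00:00
```

Treat the full URL as a live credential when sharing indicators: the token grants anyone the ability to post to the attacker's channel, and an unauthenticated GET on the same URL returns the webhook's metadata (name, channel and guild IDs) from Discord's API, which is useful for attribution but should be done from analysis infrastructure, not a corporate host.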

Targets

    • Target

      62a6dfddfea9f3b07840eab13c01fd6a

    • Size

      42KB

    • MD5

      62a6dfddfea9f3b07840eab13c01fd6a

    • SHA1

      03dc4618e49b3652ece0d00063b975c64572bf8e

    • SHA256

      f1a1a87288448f8783207ac8a63509508fb49cdcf2e12e655528e42d2eb7da1b

    • SHA512

      d754eb9bd4bb46728239ac0c104833aac28d7b287d3c1f36b77517b9bd75c47870c4210f75989048f3bd043f9f385604341cb5d16e06edeff1b3494c7217d7ca

    • SSDEEP

      768:08QiQ2KKqqI28Tj6rZDJuZ2LV0TjWKZKfgm3EhSu:ZNqH28TjQ7LV0TSF7E0u

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open-source stealer that targets Chrome, Discord and several game clients, and also collects generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMware Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Legitimate hosting services abused for malware hosting/C2

      Here the C2 is a Discord webhook: stolen data is posted to discord.com, a domain most networks allow, so the exfiltration traffic blends in with legitimate Discord use.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks