General
-
Target
62a6dfddfea9f3b07840eab13c01fd6a
-
Size
42KB
-
Sample
231219-ved49abea9
-
MD5
62a6dfddfea9f3b07840eab13c01fd6a
-
SHA1
03dc4618e49b3652ece0d00063b975c64572bf8e
-
SHA256
f1a1a87288448f8783207ac8a63509508fb49cdcf2e12e655528e42d2eb7da1b
-
SHA512
d754eb9bd4bb46728239ac0c104833aac28d7b287d3c1f36b77517b9bd75c47870c4210f75989048f3bd043f9f385604341cb5d16e06edeff1b3494c7217d7ca
-
SSDEEP
768:08QiQ2KKqqI28Tj6rZDJuZ2LV0TjWKZKfgm3EhSu:ZNqH28TjQ7LV0TSF7E0u
Behavioral task
behavioral1
Sample
62a6dfddfea9f3b07840eab13c01fd6a.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
62a6dfddfea9f3b07840eab13c01fd6a.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/895521762614325278/0cQkzrsvVLdfDncYsHihutoyrWOX3m8Y_0gjrP9RiveAWp-5BR5p3VaKFSEf9_j-SY8m
Targets
-
-
Target
62a6dfddfea9f3b07840eab13c01fd6a
-
Size
42KB
-
MD5
62a6dfddfea9f3b07840eab13c01fd6a
-
SHA1
03dc4618e49b3652ece0d00063b975c64572bf8e
-
SHA256
f1a1a87288448f8783207ac8a63509508fb49cdcf2e12e655528e42d2eb7da1b
-
SHA512
d754eb9bd4bb46728239ac0c104833aac28d7b287d3c1f36b77517b9bd75c47870c4210f75989048f3bd043f9f385604341cb5d16e06edeff1b3494c7217d7ca
-
SSDEEP
768:08QiQ2KKqqI28Tj6rZDJuZ2LV0TjWKZKfgm3EhSu:ZNqH28TjQ7LV0TSF7E0u
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-