General

  • Target

    91f1616aef66aaccd78af4ca336bc40a

  • Size

    42KB

  • Sample

    231219-y3yqcacfgj

  • MD5

    91f1616aef66aaccd78af4ca336bc40a

  • SHA1

    ba1b71e5080465db3b000ba1d611c47dea35ae80

  • SHA256

    9e9e7ba74e9644038d96f5931d4e540622f115cb02b904b0ab12cac824b6fcc9

  • SHA512

    69b154c568577756cf8278e86c197a3f0b4dbcf9073d83bf287e508f58b9d87293f37c2528f7e4c0070cd87ca9ea991a9276fdc55e4ebc69ba36bada631b3950

  • SSDEEP

    768:0kxzKKqqI2SrZDfuZML4BUTjPKZKfgm3EhqBBZ:JNqH2oLL4BUTrF7E4X

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/893739851856367676/SNpO4YQixEgiS4X-hS2OHJ7YfJwBYH4-HxSDTj7Gc8o3tusEz_drp0Q2X_8SEmWp3zLg

Targets

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open-source stealer that targets Chrome, Discord and some game clients, as well as generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks