General
Target: ba2ae59855b6b2f6ee7a49e9f9ae6c01
Size: 41KB
Sample: 231220-qypymscbe4
MD5: ba2ae59855b6b2f6ee7a49e9f9ae6c01
SHA1: 6906ffee243a9191030a9610df0a3e69b557c912
SHA256: e5ceadcbe62ad5c8413fbbd35da580d94dd62385e2a537da401f93eb5946763d
SHA512: 4e85516314f3cd7e3c1de7ef9b5d5fd3530fb880533be70db841b0e141780b2cda63ad1bd504c0c0fe32e8f8ce4fcf56ad31d6e7ae1cc5fa94f35712adcc75d8
SSDEEP: 768:YscGoAbNLQ6v8w0uZwekWTjDKZKfgm3EhwE:/ccNU6vmekWTnF7E+E
Behavioral task: behavioral1
Sample: ba2ae59855b6b2f6ee7a49e9f9ae6c01.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: ba2ae59855b6b2f6ee7a49e9f9ae6c01.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted: mercurialgrabber
https://discord.com/api/webhooks/896037726497947708/lGMnRudWdyg8G4N241UvTIzTGeqVaAYsr2hfQIdNekeqlHAQ_W6-KE_Oa16B9um4CUbZ
Targets
Target: ba2ae59855b6b2f6ee7a49e9f9ae6c01
Size: 41KB
MD5: ba2ae59855b6b2f6ee7a49e9f9ae6c01
SHA1: 6906ffee243a9191030a9610df0a3e69b557c912
SHA256: e5ceadcbe62ad5c8413fbbd35da580d94dd62385e2a537da401f93eb5946763d
SHA512: 4e85516314f3cd7e3c1de7ef9b5d5fd3530fb880533be70db841b0e141780b2cda63ad1bd504c0c0fe32e8f8ce4fcf56ad31d6e7ae1cc5fa94f35712adcc75d8
SSDEEP: 768:YscGoAbNLQ6v8w0uZwekWTjDKZKfgm3EhwE:/ccNU6vmekWTnF7E+E
Score: 10/10
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.