General

  • Target

    3b0c2467287c4c96eb31087ff9f3c937

  • Size

    246KB

  • Sample

    231222-a3cacaghgk

  • MD5

    3b0c2467287c4c96eb31087ff9f3c937

  • SHA1

    17e68f189d174695d52a955b560a15f1cd7c1c6b

  • SHA256

    989c8266aa46a2f7ec20e4571f8861166ad1f25424f8f84f9b32deaf8523cf2e

  • SHA512

    d667e7647fd3a3b3b94866768a2e50e79ad9dcc11672d0eee33730841bd7327fe71e5b6da3315b66eaf40be0bd3fff916914474244f6b5e84345a190b6a11856

  • SSDEEP

    3072:deybLoT7F7EiiWQDNDUqOamk+hHgiGIBfBLVJLMifYqDY9CfooAwWXv9:deybuWxhmrhHgiGOBLVO4Yq/oZH9

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/876785984463851530/6OtBOV8YYVRgQsCsIfuqm1LRLsAbqLiZo9EmRVi0CTahSzT0ZrTNH4lu0llxQ0Cgvv0B

Targets

    • Target

      3b0c2467287c4c96eb31087ff9f3c937

    • Size

      246KB

    • MD5

      3b0c2467287c4c96eb31087ff9f3c937

    • SHA1

      17e68f189d174695d52a955b560a15f1cd7c1c6b

    • SHA256

      989c8266aa46a2f7ec20e4571f8861166ad1f25424f8f84f9b32deaf8523cf2e

    • SHA512

      d667e7647fd3a3b3b94866768a2e50e79ad9dcc11672d0eee33730841bd7327fe71e5b6da3315b66eaf40be0bd3fff916914474244f6b5e84345a190b6a11856

    • SSDEEP

      3072:deybLoT7F7EiiWQDNDUqOamk+hHgiGIBfBLVJLMifYqDY9CfooAwWXv9:deybuWxhmrhHgiGOBLVO4Yq/oZH9

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks