General

Target: Mercurial Grabber.exe
Size: 42KB
Sample: 231222-zkeeesddar
MD5: 2bdec488e251d59626a3c0464e101929
SHA1: c458e8fe4e80a741f35813ce7c2aa2b28c9c7921
SHA256: 15719fa156469648d2ea7b62a166d442e9e3ca29bcb22f541f13e04d5582dc89
SHA512: ce5424a7ce9e6480a84afcd09e84313b112a18512652d0e321e5690d5e67dc3cd3fdc6657db62dd27e8065f30503e619fa3a275127e441690aa81e356c3b1e9b
SSDEEP: 768:PyOARyY8YU+7omMjuZiLsTTjaMKZKfgm3EhPB:FLYNCLsTTmMF7E9B
Behavioral tasks

behavioral1: Mercurial Grabber.exe on win7-20231129-en
behavioral2: Mercurial Grabber.exe on win10v2004-20231215-en
Malware Config

Family: mercurialgrabber
Extracted Discord webhook (exfiltration endpoint): https://discord.com/api/webhooks/945387105146773544/HAPkyzqIoO7ttCOeGRCU1R9YCmdnF3zPb1ughGqmDeXcjnkJI7TEKWuZ5FgEpy3Ddb55
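The extracted configuration is a single Discord webhook URL. The following is an added example, not code from the sandbox or from the Mercurial Grabber project, of pulling such URLs out of a sample's bytes and turning them into IOCs with the token redacted. The URL grammar (a 17-20 digit snowflake id followed by a 60+ character token) and the assumption that the sample is a .NET binary with UTF-16LE string literals are working assumptions; the report states neither. The input bytes, ids and tokens are constructed.

```python
"""Pull Discord webhook URLs out of a sample's bytes and produce redacted IOCs.

Added example, not code from the sandbox report or from Mercurial Grabber.
The webhook URL grammar below is an assumption about Discord's format.
"""
import re
from dataclasses import dataclass

# Matches the current discord.com host and the legacy discordapp.com host,
# with or without an /api/vN/ version segment.
WEBHOOK_RE = re.compile(
    rb"https?://(?:canary\.|ptb\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/"
    rb"(\d{17,20})/([A-Za-z0-9_-]{60,})"
)


@dataclass(frozen=True)
class Webhook:
    url: str
    webhook_id: str
    token: str

    def redacted(self) -> str:
        """IOC-safe form: keep the id, show only the token's first/last 4 chars.
        The full token lets anyone post to (or delete) the webhook, so it must
        not appear in a shared report."""
        head = self.url[: -len(self.token)]
        return f"{head}{self.token[:4]}...{self.token[-4:]}"


def _views(blob: bytes):
    """Yield the blob as-is plus its UTF-16LE decoding at both byte alignments.
    .NET assemblies (assumed here; the report does not state the runtime) keep
    string literals in UTF-16LE, so an ASCII-only scan would miss the webhook."""
    yield blob
    for offset in (0, 1):
        text = blob[offset:].decode("utf-16-le", errors="ignore")
        yield text.encode("utf-8", errors="ignore")


def extract_webhooks(blob: bytes) -> list[Webhook]:
    """Return unique webhooks in first-seen order across all views."""
    seen: dict[tuple[str, str], Webhook] = {}
    for view in _views(blob):
        for m in WEBHOOK_RE.finditer(view):
            wid, token = m.group(1).decode(), m.group(2).decode()
            seen.setdefault((wid, token), Webhook(m.group(0).decode(), wid, token))
    return list(seen.values())


# Constructed test input: one ASCII literal and one UTF-16LE literal that starts
# at an odd byte offset, padded with unrelated bytes. Ids and tokens are made up.
ASCII_HOOK = "https://discord.com/api/webhooks/123456789012345678/" + "A" * 68
WIDE_HOOK = "https://discordapp.com/api/webhooks/987654321098765432/" + "b" * 68
SAMPLE = (
    b"MZ\x90\x00junk\x00" + ASCII_HOOK.encode() + b"\x00tail\x01"
    + WIDE_HOOK.encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    for hook in extract_webhooks(SAMPLE):
        print(hook.webhook_id, hook.redacted())
```

Run it against the raw PE (or a memory dump) rather than only a `strings` listing: the UTF-16LE pass is what finds literals in a .NET image, and scanning both alignments avoids missing a string that starts on an odd offset.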
Targets

Target: Mercurial Grabber.exe
Size: 42KB
MD5: 2bdec488e251d59626a3c0464e101929
SHA1: c458e8fe4e80a741f35813ce7c2aa2b28c9c7921
SHA256: 15719fa156469648d2ea7b62a166d442e9e3ca29bcb22f541f13e04d5582dc89
SHA512: ce5424a7ce9e6480a84afcd09e84313b112a18512652d0e321e5690d5e67dc3cd3fdc6657db62dd27e8065f30503e619fa3a275127e441690aa81e356c3b1e9b
SSDEEP: 768:PyOARyY8YU+7omMjuZiLsTTjaMKZKfgm3EhPB:FLYNCLsTTmMF7E9B
Score: 10/10
Signatures

- Mercurial Grabber Stealer: Mercurial Grabber is an open-source stealer that targets Chrome, Discord and some game clients, as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2 (here, the Discord webhook in the extracted config)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
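Four of the signatures above are registry reads used to decide whether the sample is running in a VM or sandbox. The following added example (not code from the sample, the sandbox, or the Mercurial Grabber project) evaluates that decision the way an analyst hardening a sandbox image would: it runs the same checks against a registry reader and reports which indicators would trip. The key paths and the hypervisor name substrings are the ones commonly used for these checks and are assumed here; the report only names the checks, not the paths. The two registry snapshots are constructed; on Windows the `winreg_reader` runs the checks against the live registry.

```python
"""Evaluate registry-based VM/sandbox indicators of the kind the signatures list.

Added example, not code from the sample or the sandbox. Key paths and needle
strings are assumptions about how these checks are commonly written.
"""
import sys
from typing import Callable, Optional

# reader(subkey_under_HKLM, value_name) -> None if the key (or value) is absent,
# "" for a bare existence check (value_name is None), else the value as text.
Reader = Callable[[str, Optional[str]], Optional[str]]

HV_NEEDLES = ("vmware", "virtualbox", "vbox", "innotek", "qemu", "xen", "virtual machine")
DISK_NEEDLES = ("vbox", "vmware", "qemu", "virtual")

# label, HKLM subkey, value name (None = key existence), case-insensitive needles
INDICATORS = [
    ("VirtualBox Guest Additions key present",
     r"SOFTWARE\Oracle\VirtualBox Guest Additions", None, ()),
    ("VMware Tools key present",
     r"SOFTWARE\VMware, Inc.\VMware Tools", None, ()),
    ("BIOS/system identity names a hypervisor",
     r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer", HV_NEEDLES),
    ("BIOS/system identity names a hypervisor",
     r"HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName", HV_NEEDLES),
    ("BIOS/system identity names a hypervisor",
     r"HARDWARE\DESCRIPTION\System\BIOS", "BIOSVendor", HV_NEEDLES),
    # Disk\Enum holds one value per enumerated disk, named "0", "1", ...
    ("Enumerated disk names a hypervisor",
     r"SYSTEM\CurrentControlSet\Services\Disk\Enum", "0", DISK_NEEDLES),
    ("Enumerated disk names a hypervisor",
     r"SYSTEM\CurrentControlSet\Services\Disk\Enum", "1", DISK_NEEDLES),
]


def evaluate(reader: Reader) -> list[str]:
    """Return the labels of indicators that would make the sample bail out."""
    hits: list[str] = []
    for label, path, name, needles in INDICATORS:
        value = reader(path, name)
        if value is None:
            continue
        if name is None or any(n in value.lower() for n in needles):
            if label not in hits:
                hits.append(label)
    return hits


def snapshot_reader(snapshot: dict[str, dict[str, str]]) -> Reader:
    """Reader over a {subkey: {value_name: value}} dict (for tests or offline hives)."""
    def read(path: str, name: Optional[str]) -> Optional[str]:
        values = snapshot.get(path)
        if values is None:
            return None
        if name is None:
            return ""
        value = values.get(name)
        return None if value is None else str(value)
    return read


def winreg_reader(path: str, name: Optional[str]) -> Optional[str]:
    """Reader over the live HKLM hive; only usable on Windows."""
    import winreg  # imported here so the module loads on non-Windows hosts
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
            if name is None:
                return ""
            value, _ = winreg.QueryValueEx(key, name)
            return str(value)
    except OSError:
        return None


# Constructed snapshots: a physical laptop and an unhardened VirtualBox guest.
BARE_METAL = {
    r"HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "Dell Inc.", "SystemProductName": "Latitude 7420",
        "BIOSVendor": "Dell Inc."},
    r"SYSTEM\CurrentControlSet\Services\Disk\Enum": {
        "0": r"SCSI\Disk&Ven_NVMe&Prod_PC611_NVMe_SK_hynix\4&2f1e0a9b&0&000000"},
}
VBOX_GUEST = {
    r"SOFTWARE\Oracle\VirtualBox Guest Additions": {},
    r"HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox",
        "BIOSVendor": "innotek GmbH"},
    r"SYSTEM\CurrentControlSet\Services\Disk\Enum": {
        "0": r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1a2b3c4d&0&0.0.0"},
}

if __name__ == "__main__":
    reader = winreg_reader if sys.platform == "win32" else snapshot_reader(VBOX_GUEST)
    for hit in evaluate(reader):
        print("VM indicator:", hit)
```

An empty result from `evaluate` on a sandbox image means these particular checks would not trip; it says nothing about the external IP lookup or Discord reachability, which the sandbox must handle at the network layer.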