General

  • Target

    2bdec488e251d59626a3c0464e101929.bin

  • Size

    42KB

  • Sample

    231224-br8pvaehe8

  • MD5

    2bdec488e251d59626a3c0464e101929

  • SHA1

    c458e8fe4e80a741f35813ce7c2aa2b28c9c7921

  • SHA256

    15719fa156469648d2ea7b62a166d442e9e3ca29bcb22f541f13e04d5582dc89

  • SHA512

    ce5424a7ce9e6480a84afcd09e84313b112a18512652d0e321e5690d5e67dc3cd3fdc6657db62dd27e8065f30503e619fa3a275127e441690aa81e356c3b1e9b

  • SSDEEP

    768:PyOARyY8YU+7omMjuZiLsTTjaMKZKfgm3EhPB:FLYNCLsTTmMF7E9B

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/945387105146773544/HAPkyzqIoO7ttCOeGRCU1R9YCmdnF3zPb1ughGqmDeXcjnkJI7TEKWuZ5FgEpy3Ddb55

Targets

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMware Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks