General
Target: 56d5e98fa935cef43afc85e3147032ed
Size: 564KB
Sample: 231226-ftc36sbeb6
MD5: 56d5e98fa935cef43afc85e3147032ed
SHA1: f3cfe8dccef85c401cc272106af0e87c7d0f0b9b
SHA256: 7b3038bd41ac34e36fc87a857a66a357b3c48989c7d26a522ea16e9b205f2ce1
SHA512: d7ce889e6e26e0c448dd4389e01fb42a9fc07a6b835eed098613b114e319db26c097f72b0dcc82346a7f7f17c524d690c13e6abeb372968b16daf72ecd584cdf
SSDEEP: 12288:7oSWNT8ep3NLC1AZI4C4I9ep4GnaK0jKfFqosmN0YBDIu48+v4:7oS2T8e5NLCSZc4IBUaK0j6N0YBDIucQ
Static task: static1
Behavioral task: behavioral1
Sample: 56d5e98fa935cef43afc85e3147032ed.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 56d5e98fa935cef43afc85e3147032ed.exe
Resource: win10v2004-20231222-en
Malware Config (extracted)
Family: mercurialgrabber
Webhook: https://discord.com/api/webhooks/870291367530737705/kitCWvdskV4mesZN15sftPzdN9h7p-Y0ANa240mBlgWkIh9632aLpUK7C0zdv_guqyVv
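The extracted config is a single Discord webhook URL, the channel Mercurial Grabber uses to post what it steals. As an added example (not code from this report or from the Mercurial Grabber project), the Python below pulls Discord webhook URLs out of a sample's bytes, including UTF-16LE strings as .NET binaries store them, de-duplicates by webhook ID, and decodes the ID's snowflake timestamp, which reveals when the operator created the webhook. The input blob is constructed here around the webhook from this report; the regex host list and token length bounds are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Discord webhook URL shape: https://discord.com/api/webhooks/<snowflake id>/<token>.
# discordapp.com is the legacy host; ptb./canary. are Discord's test builds. The
# host list and the token length bounds are assumptions of this example.
WEBHOOK_RE = re.compile(
    rb"https?://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/webhooks/"
    rb"(\d{17,20})/([A-Za-z0-9_-]{50,100})"
)
DISCORD_EPOCH = datetime(2015, 1, 1, tzinfo=timezone.utc)  # snowflakes count ms from here


def snowflake_time(snowflake: int) -> datetime:
    """The top 42 bits of a Discord snowflake are milliseconds since 2015-01-01 UTC,
    so the webhook ID itself tells you when the operator created the webhook."""
    return DISCORD_EPOCH + timedelta(milliseconds=snowflake >> 22)


def _views(blob: bytes):
    """Yield the raw bytes plus UTF-16LE decodings at both byte alignments, so a URL
    stored in a .NET binary's user-string heap is found as well as a plain ASCII one."""
    yield blob
    for offset in (0, 1):
        yield blob[offset:].decode("utf-16-le", errors="ignore").encode("ascii", errors="ignore")


def extract_webhooks(blob: bytes) -> list[dict]:
    """Return one record per distinct webhook ID found in the blob, sorted by ID."""
    found = {}
    for view in _views(blob):
        for match in WEBHOOK_RE.finditer(view):
            wid, token = match.group(1).decode(), match.group(2).decode()
            found[wid] = {
                "url": match.group(0).decode(),
                "id": wid,
                "token": token,  # the only credential needed to post to (or delete) the webhook
                "created": snowflake_time(int(wid)),
            }
    return sorted(found.values(), key=lambda w: w["id"])


# Constructed stand-in for the sample: a PE-like prefix, the report's webhook stored as
# a UTF-16LE string (how .NET keeps literals), and a decoy that must not match.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 32 + b"#US\x00"
    + ("https://discord.com/api/webhooks/870291367530737705/"
       "kitCWvdskV4mesZN15sftPzdN9h7p-Y0ANa240mBlgWkIh9632aLpUK7C0zdv_guqyVv").encode("utf-16-le")
    + b"\x00\x00"
    + b"https://discord.com/api/webhooks/not-a-webhook/abc\x00"
)

if __name__ == "__main__":
    for hook in extract_webhooks(SAMPLE_BLOB):
        print(f"{hook['id']} created {hook['created']:%Y-%m-%d %H:%M:%S} UTC  {hook['url']}")
```

Run against a real dump, feed it the file bytes instead of SAMPLE_BLOB; the creation time from the ID is a useful timeline anchor because it predates the build of any sample that embeds the webhook.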
Targets
Target: 56d5e98fa935cef43afc85e3147032ed
Size: 564KB
MD5: 56d5e98fa935cef43afc85e3147032ed
SHA1: f3cfe8dccef85c401cc272106af0e87c7d0f0b9b
SHA256: 7b3038bd41ac34e36fc87a857a66a357b3c48989c7d26a522ea16e9b205f2ce1
SHA512: d7ce889e6e26e0c448dd4389e01fb42a9fc07a6b835eed098613b114e319db26c097f72b0dcc82346a7f7f17c524d690c13e6abeb372968b16daf72ecd584cdf
SSDEEP: 12288:7oSWNT8ep3NLC1AZI4C4I9ep4GnaK0jKfFqosmN0YBDIu48+v4:7oS2T8e5NLCSZc4IBUaK0j6N0YBDIucQ
Score: 10/10
Signatures:
- Mercurial Grabber Stealer. Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2 (here, the Discord webhook in the extracted config).
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry. Disk information is often read in order to detect sandboxing environments.
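Four of the signatures above (VirtualBox Guest Additions, VMware Tools, BIOS information, drive mapping from the registry) are the sample reading the registry to decide whether it is running in a sandbox. As an added example, not the sample's code and not from the report, the Python below performs that class of checks against a registry snapshot so the logic runs offline, and against the live registry via winreg when run on Windows. The report does not list the exact keys; the paths and marker strings below are the ones such checks usually read and are an assumption here, as are the two constructed snapshots.

```python
import sys

# Registry locations usually consulted by VirtualBox / VMware / BIOS / disk checks.
# The report names the checks, not the paths; these paths are an assumption.
KEY_CHECKS = [
    ("VirtualBox Guest Additions", r"SOFTWARE\Oracle\VirtualBox Guest Additions"),
    ("VMware Tools", r"SOFTWARE\VMware, Inc.\VMware Tools"),
]
VALUE_CHECKS = [
    ("BIOS", r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),   # REG_MULTI_SZ
    ("BIOS", r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),    # REG_MULTI_SZ
    ("BIOS", r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    ("disk", r"SYSTEM\CurrentControlSet\Services\Disk\Enum", "0"),   # first enumerated disk
]
VM_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "bochs", "virtual", "innotek")


def find_vm_artifacts(key_exists, read_value) -> list:
    """Apply the checks through two callables so the same logic works on a snapshot
    or on the live registry. Returns one human-readable finding per hit."""
    findings = []
    for name, key in KEY_CHECKS:
        if key_exists(key):
            findings.append(f"{name} key present: HKLM\\{key}")
    for name, key, value in VALUE_CHECKS:
        data = read_value(key, value)
        if data is None:
            continue
        text = " ".join(data) if isinstance(data, (list, tuple)) else str(data)
        if any(marker in text.lower() for marker in VM_MARKERS):
            findings.append(f"{name} value HKLM\\{key}\\{value} = {text!r}")
    return findings


def snapshot_readers(snapshot: dict):
    """Readers over a {subkey: {value_name: data}} dict (constructed snapshots below)."""
    def key_exists(key):
        return key in snapshot

    def read_value(key, value):
        return snapshot.get(key, {}).get(value)
    return key_exists, read_value


def live_readers():
    """Readers for a real Windows host. KEY_WOW64_64KEY stops a 32-bit Python from
    being redirected to the WOW6432Node view of SOFTWARE, as a 32-bit sample would be
    unless it asks for the 64-bit view."""
    import winreg  # Windows-only module
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY

    def key_exists(key):
        try:
            winreg.CloseKey(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key, 0, access))
            return True
        except OSError:
            return False

    def read_value(key, value):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key, 0, access) as k:
                return winreg.QueryValueEx(k, value)[0]
        except OSError:
            return None
    return key_exists, read_value


# Constructed snapshots: a VirtualBox guest with Guest Additions, and a laptop.
VBOX_SNAPSHOT = {
    r"SOFTWARE\Oracle\VirtualBox Guest Additions": {"Version": "7.0.12"},
    r"HARDWARE\DESCRIPTION\System": {"SystemBiosVersion": ["VBOX   - 1"],
                                     "VideoBiosVersion": ["Oracle VM VirtualBox VGA BIOS"]},
    r"HARDWARE\DESCRIPTION\System\BIOS": {"SystemManufacturer": "innotek GmbH"},
    r"SYSTEM\CurrentControlSet\Services\Disk\Enum":
        {"0": r"SCSI\Disk&Ven_VBOX&Prod_HARDDISK\4&1c1d0d5a&0&000000"},
}
BARE_METAL_SNAPSHOT = {
    r"HARDWARE\DESCRIPTION\System": {"SystemBiosVersion": ["LENOVO - 1"],
                                     "VideoBiosVersion": ["Intel Video BIOS"]},
    r"HARDWARE\DESCRIPTION\System\BIOS": {"SystemManufacturer": "LENOVO"},
    r"SYSTEM\CurrentControlSet\Services\Disk\Enum":
        {"0": r"SCSI\Disk&Ven_NVMe&Prod_SAMSUNG_MZVL\5&2a3b4c5d&0&000000"},
}

if __name__ == "__main__":
    readers = live_readers() if sys.platform == "win32" else snapshot_readers(VBOX_SNAPSHOT)
    for line in find_vm_artifacts(*readers) or ["no VM artifacts found"]:
        print(line)
```

Run on a sandbox image this lists exactly the artifacts a sample like this one keys on, which is the list to scrub or spoof (rename the Guest Additions key, overwrite the BIOS strings, present a non-VBOX disk vendor) if you want the behavioral run to continue past the checks. Note the stock win7 image in this report would trip every one of these if the hypervisor tooling is left in place.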