General

  • Target

    9f08110869579ebf74396c174b2da01d

  • Size

    42KB

  • Sample

    231227-dhlvtscddq

  • MD5

    9f08110869579ebf74396c174b2da01d

  • SHA1

    daa713676652b5fb2f5c3b42983b9140c102f91f

  • SHA256

    82282111d091f5e590a93d58df04fdca473877ab9b17ac8cbda1de1da23f9f2c

  • SHA512

    7cb7391ab5ce84d8db1ba2c0216f70b9415e47f39abed9ba1a34daacd837559beda7b4bf032477d808e4e04a30f832101c3164bffda16c5ee322cf8eb71174f3

  • SSDEEP

    384:PUPnsRk5X2rh3APlKOCh/XTNTW0s/XZxIh/XoJEFq5nmoqTAs4KQsLd/SfgUfAGH:PjAWh/jNJuZpLJqTj4KZKfgm3Eh6So

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discordapp.com/api/webhooks/869112850830983269/6FXnaXZDgBG89Vk260RUMRdMPPOUG3htIyG_t8gpZ3RgtzEY9xSUVCMtQFK6Lc7tS8OC

Targets

    • Target

      9f08110869579ebf74396c174b2da01d

    • Size

      42KB

    • MD5

      9f08110869579ebf74396c174b2da01d

    • SHA1

      daa713676652b5fb2f5c3b42983b9140c102f91f

    • SHA256

      82282111d091f5e590a93d58df04fdca473877ab9b17ac8cbda1de1da23f9f2c

    • SHA512

      7cb7391ab5ce84d8db1ba2c0216f70b9415e47f39abed9ba1a34daacd837559beda7b4bf032477d808e4e04a30f832101c3164bffda16c5ee322cf8eb71174f3

    • SSDEEP

      384:PUPnsRk5X2rh3APlKOCh/XTNTW0s/XZxIh/XoJEFq5nmoqTAs4KQsLd/SfgUfAGH:PjAWh/jNJuZpLJqTj4KZKfgm3Eh6So

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks