mercurialgrabber | 45224815f12fc3a8ed5422780e5ec795 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45224815f12fc3a8ed5422780e5ec795
Size

1.2MB
MD5

45224815f12fc3a8ed5422780e5ec795
SHA1

32874aac055ea8fc225b840a71164052f3f95534
SHA256

4b09c85ed09da44ea9c89256771a7906cd4b2d0e8f9514c80f50dd1e9daf2275
SHA512

f6981798f765ac417913dad30391f99a1c1880a74e99113915bd41c5b077f4df701962c5683685ca7b491c798a79d0a70b36fb14d0b8c4b7a9115040bb8ec140
SSDEEP

12288:L5+E19vYAx5+E19vYAXzCYG6wyXeWYgeWYg955/155/ZyhiFGTIiakJ0jBo9hERb:P9N9tG6tXAkFGTLakJ0jB9T

Score

10^/10

mercurialgrabber njrat

Malware Config

Signatures

Mercurialgrabber family
mercurialgrabber
Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45224815f12fc3a8ed5422780e5ec795

Files

45224815f12fc3a8ed5422780e5ec795
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ