General

  • Target

    bd4ff54109265b066ce317359fb34291

  • Size

    46KB

  • Sample

    240310-bx95vshb3y

  • MD5

    bd4ff54109265b066ce317359fb34291

  • SHA1

    3f2d4e7e438b289fe26f702891fb0b27d77d6206

  • SHA256

    cdb225bf9fab15e0da4c6ef0bde9c3c4da253e550daf3701ca37de01c375137b

  • SHA512

    8354128cc45d8556566c09a4e4ac96cb19562922bd19e60d6a6eb1e8b98c9592cc66ce29da206b9463b1411224cf06225dddd8f7023c4bf1c9c3ecfc10550f3d

  • SSDEEP

    768:WRR/vW6qLhY8Yh7omMBuZoLrB8TjxKZKfgm3EhTAAKrlUI:WH/O6ALYp+LV8T9F7EhA7

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/877654937629245530/_NPn4dc9lYtPFjYq7L8cDS0JImKZLYl8cGrfTpuYoOtcrOyBFr_Kcszk73ZTQrVFTIvj

Targets

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMware Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
