mercurialgrabber | 0f22d8c34f3ecd40535fe4f88e5b05560a062e7edd97c18c673980f35d5b319f | Triage

Submit
Reports

Overview

overview

Static

static

Mercurial Grabber.exe

windows10-1703-x64

Mercurial Grabber.exe

windows10-2004-x64

Sharing

General

Target

Mercurial.Grabber.v1.03.rar
Size

18KB
Sample

240405-2f5f6aeg48
MD5

023bd9c10c9e467197f4b3bb0ab1a5ff
SHA1

d4e96633942beb97a387d8e68b0d7e9a1858c694
SHA256

0f22d8c34f3ecd40535fe4f88e5b05560a062e7edd97c18c673980f35d5b319f
SHA512

ca3827f651e18c1f5cd01d0529169ff7583002164d9d43f8f22477c4997709ed941bf480db5cf67bcd2fc3147f22217f450662b8eaa604b5b6b91d231280f1a4
SSDEEP

384:oUHU/LdPMkCZkPAP4z2ow5gELQpjmjs7HV+qoK:oU6hP+NrqELwyjs74qoK

Score

10^/10

mercurialgrabber evasion spyware stealer

Static task

static1

mercurialgrabber

2 signatures

Behavioral task

behavioral1

Sample

Mercurial Grabber.exe

Resource

win10-20240404-en

mercurialgrabber evasion stealer

windows10-1703-x64

7 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Mercurial Grabber.exe

Resource

win10v2004-20240226-en

mercurialgrabber evasion spyware stealer

windows10-2004-x64

13 signatures

1800 seconds

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/969936040930451487/mf72QATeKW89Ml_jXHm5Gg0GOsTvPdWwtRq38PIRPQd6yxDgKPUPBfyhOYe2g2Z83rsM

Targets

- Target
  
  Mercurial Grabber.exe
- Size
  
  48KB
- MD5
  
  8159bc0b78ff637a9f5b20f05850a9dd
- SHA1
  
  a023262d8c60dfaac5f68798d7d9986494b6ca8c
- SHA256
  
  496cb15b8bb0d6503b222c301c7cfbbb6d214de32b69b0cd402e6ebaeb2a3a2b
- SHA512
  
  49d00b7ce4f46d84b2af17f5e0a886304f012ab26fcac888b7df7be5adbf61f9673d8214e2b0fae7c287302cb2948e42e82eae6ad840c90634e6a4a93d2c15c0
- SSDEEP
  
  768:3MsLsY8YVKIEomMTuZiLerxTjgKZKfgm3EhS2F:WLYVbcyLgxTsF7Ew2F
Score

10^/10

mercurialgrabber evasion stealer spyware
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberevasionstealer

behavioral2

mercurialgrabberevasionspywarestealer

© 2018-2024

Terms | Privacy