mercurialgrabber | Mercurial[.]Grabber[.]v1[.]03[.]rar | Triage

Sharing

General

Target

Mercurial.Grabber.v1.03.rar
Size

18KB
MD5

023bd9c10c9e467197f4b3bb0ab1a5ff
SHA1

d4e96633942beb97a387d8e68b0d7e9a1858c694
SHA256

0f22d8c34f3ecd40535fe4f88e5b05560a062e7edd97c18c673980f35d5b319f
SHA512

ca3827f651e18c1f5cd01d0529169ff7583002164d9d43f8f22477c4997709ed941bf480db5cf67bcd2fc3147f22217f450662b8eaa604b5b6b91d231280f1a4
SSDEEP

384:oUHU/LdPMkCZkPAP4z2ow5gELQpjmjs7HV+qoK:oU6hP+NrqELwyjs74qoK

Score

10^/10

mercurialgrabber

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/969936040930451487/mf72QATeKW89Ml_jXHm5Gg0GOsTvPdWwtRq38PIRPQd6yxDgKPUPBfyhOYe2g2Z83rsM

Signatures

Mercurialgrabber family
mercurialgrabber
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Mercurial Grabber.exe

Files

Mercurial.Grabber.v1.03.rar
.rar
Mercurial Grabber.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt