mercurialgrabber | 9ce1963269efaa3e64273e20c04c215dfe781044813336fa1bdd5fe126345458 | Triage

Submit
Reports

Overview

overview

Static

static

e4e2e0cccd...18.exe

windows7-x64

e4e2e0cccd...18.exe

windows10-2004-x64

Sharing

General

Target

e4e2e0cccdc2ca304ad23def23972dbd_JaffaCakes118
Size

190KB
Sample

240407-n9vxxscd2w
MD5

e4e2e0cccdc2ca304ad23def23972dbd
SHA1

7947026fd18ddfb46ee30d6765c1bc81d6846b2c
SHA256

9ce1963269efaa3e64273e20c04c215dfe781044813336fa1bdd5fe126345458
SHA512

61a53b39abd64ccf3fcb875786bf5005ff334a5bf17c940c80f8998c804bf3bd544df127c053a27faa602cbf11be39e85ab3babbfef3c0ab37733e79676ca8a0
SSDEEP

3072:epcG95wMLXTNF7EwYWO33VrhwkHYDKkzQ9RY6N0QuvkXdRx3uXpGj0qwQGizQQz:epcG95wM7I3v0Kkc9RXdDUXU4qwyzQuk

Score

10^/10

mercurialgrabber evasion spyware stealer

Static task

static1

mercurialgrabber

2 signatures

Behavioral task

behavioral1

Sample

e4e2e0cccdc2ca304ad23def23972dbd_JaffaCakes118.exe

Resource

win7-20240221-en

mercurialgrabber evasion spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

e4e2e0cccdc2ca304ad23def23972dbd_JaffaCakes118.exe

Resource

win10v2004-20240226-en

mercurialgrabber evasion spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/877488114191466546/FUrNh0PeCyjW3Yr_BJdodg7lzmuSvDjTsy_PMxpPmuinCJuw1BpCnGLb-rAPNYxQ9EIb

Targets

- Target
  
  e4e2e0cccdc2ca304ad23def23972dbd_JaffaCakes118
- Size
  
  190KB
- MD5
  
  e4e2e0cccdc2ca304ad23def23972dbd
- SHA1
  
  7947026fd18ddfb46ee30d6765c1bc81d6846b2c
- SHA256
  
  9ce1963269efaa3e64273e20c04c215dfe781044813336fa1bdd5fe126345458
- SHA512
  
  61a53b39abd64ccf3fcb875786bf5005ff334a5bf17c940c80f8998c804bf3bd544df127c053a27faa602cbf11be39e85ab3babbfef3c0ab37733e79676ca8a0
- SSDEEP
  
  3072:epcG95wMLXTNF7EwYWO33VrhwkHYDKkzQ9RY6N0QuvkXdRx3uXpGj0qwQGizQQz:epcG95wM7I3v0Kkc9RXdDUXU4qwyzQuk
Score

10^/10

mercurialgrabber evasion spyware stealer
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberevasionspywarestealer

behavioral2

mercurialgrabberevasionspywarestealer

© 2018-2024

Terms | Privacy