General
-
Target
e9adfd823ed36e229d4b61c3bf4872eb_JaffaCakes118
-
Size
247KB
-
Sample
240409-le9fqabf77
-
MD5
e9adfd823ed36e229d4b61c3bf4872eb
-
SHA1
cb4e5bc1fab67672e99adb83ae4cdc7e4d9e0ed4
-
SHA256
19addd161059ec547168408e4caec7fb62713f30bed662a3e7297723ec6179a3
-
SHA512
b9a8f460c03b64ada57040e289b9503ee1a2916cb209267025c8c019eee9eb6d213ce5439af5748a79bd58b9d4576b633b46e9bdf57ea2be45633ed9378e0c7d
-
SSDEEP
3072:818cqLrTYmF7E4UbUTe5MsuukaPTn6nhfpi6Ok:86cqHPTxukTnhfc
Malware Config
Extracted
mercurialgrabber
https://ptb.discord.com/api/webhooks/885550112607174676/jfFMEu2U7CQOr1gzI3mFcQgXTNsOdHVMxANGuS--lFlBW7nGwqXRDeojEkHwROhDPNen
Targets
-
-
Target
e9adfd823ed36e229d4b61c3bf4872eb_JaffaCakes118
-
Size
247KB
-
MD5
e9adfd823ed36e229d4b61c3bf4872eb
-
SHA1
cb4e5bc1fab67672e99adb83ae4cdc7e4d9e0ed4
-
SHA256
19addd161059ec547168408e4caec7fb62713f30bed662a3e7297723ec6179a3
-
SHA512
b9a8f460c03b64ada57040e289b9503ee1a2916cb209267025c8c019eee9eb6d213ce5439af5748a79bd58b9d4576b633b46e9bdf57ea2be45633ed9378e0c7d
-
SSDEEP
3072:818cqLrTYmF7E4UbUTe5MsuukaPTn6nhfpi6Ok:86cqHPTxukTnhfc
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-