General
-
Target
f3c868afe1a58261340bf251d20211d8_JaffaCakes118
-
Size
55KB
-
Sample
240416-syjsqsdf33
-
MD5
f3c868afe1a58261340bf251d20211d8
-
SHA1
a8e1be0cb00b8e825d0232e3e7c2cbda8e0484f9
-
SHA256
9869ded93a52372e8e5ad3e9378ee6248dd57d9cbd5ec38ac709b5e38b9f7d16
-
SHA512
a06669e4da2870c341e8701d790e80be177b2fc4062a9d2a81863dae3135e73e550a83acc00d1ae889f5795b146d5a4223181e756d9e560f72ee0ec9c19534dc
-
SSDEEP
768:5B3CApzob/YTwTjYFdGf0WBREhdz0PzzAX:fLNa/Y8TUUnEUPzE
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/875430018560442368/MavU76NAbE8srbsu3sdD1pvTY4Bu5Owj9FB7cxvFbCZpaeNLeoQyo_OCWVfgBexfZb8W
Targets
-
-
Target
f3c868afe1a58261340bf251d20211d8_JaffaCakes118
-
Size
55KB
-
MD5
f3c868afe1a58261340bf251d20211d8
-
SHA1
a8e1be0cb00b8e825d0232e3e7c2cbda8e0484f9
-
SHA256
9869ded93a52372e8e5ad3e9378ee6248dd57d9cbd5ec38ac709b5e38b9f7d16
-
SHA512
a06669e4da2870c341e8701d790e80be177b2fc4062a9d2a81863dae3135e73e550a83acc00d1ae889f5795b146d5a4223181e756d9e560f72ee0ec9c19534dc
-
SSDEEP
768:5B3CApzob/YTwTjYFdGf0WBREhdz0PzzAX:fLNa/Y8TUUnEUPzE
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-