General
-
Target
f68dd4bba65bf4f6584b1aa4fd74abe5_JaffaCakes118
-
Size
1.1MB
-
Sample
240417-yqyjtaea9y
-
MD5
f68dd4bba65bf4f6584b1aa4fd74abe5
-
SHA1
03fb29723cb3ca5fd7714c49ad77ccf0bb293b00
-
SHA256
7f396801cd173497e6f6e6454570b56827a0ad3de1dd59dd126dcddde6960e3b
-
SHA512
a1772565c2dd03e9aceeea848684be68bcd0e3e3da183291605439644c10d9f1b523a421df0771dfac23bf3a98efe8fe53b3d2715118cfbf5b8da0771d22e020
-
SSDEEP
24576:kHCVlWCcYIGjJnIabGo0l1vQ0HKcg464OJGQcOAjE46:kCelGFxGou1nHDdlOJGx56
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/866300914012782599/XsqQroUsIGROEaXEklV70vXvaKgEn9lzpilIbakUXKsIJJX7p57IVSxxh1truJ8qV0la
Targets
-
-
Target
f68dd4bba65bf4f6584b1aa4fd74abe5_JaffaCakes118
-
Size
1.1MB
-
MD5
f68dd4bba65bf4f6584b1aa4fd74abe5
-
SHA1
03fb29723cb3ca5fd7714c49ad77ccf0bb293b00
-
SHA256
7f396801cd173497e6f6e6454570b56827a0ad3de1dd59dd126dcddde6960e3b
-
SHA512
a1772565c2dd03e9aceeea848684be68bcd0e3e3da183291605439644c10d9f1b523a421df0771dfac23bf3a98efe8fe53b3d2715118cfbf5b8da0771d22e020
-
SSDEEP
24576:kHCVlWCcYIGjJnIabGo0l1vQ0HKcg464OJGQcOAjE46:kCelGFxGou1nHDdlOJGx56
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-