General

  • Target

    fa7bac648c3984ac087f8698a3b8d9aa_JaffaCakes118

  • Size

    41KB

  • Sample

    240419-rll7naed98

  • MD5

    fa7bac648c3984ac087f8698a3b8d9aa

  • SHA1

    e75e80efbbb2bbe55b3c839288fb782cd2318a6c

  • SHA256

    b1ecc4ed8adf7b9e33e5e3a0ea97d13d9f5272c36514e5c91b9e1fb97f839ae2

  • SHA512

    5a97559ce2b024966472e2ea45858d74a4d0942e0dc15f950af52053977e66bc8656ad6afb6a7182e2cd3c7dfaab9302f40905298e4d77a089a755eb126b4031

  • SSDEEP

    768:6scabfwOAge8jy5M/BgwXuZFeJWTjTKZKfgm3Eham:ZcILe8HoeJWTvF7EEm

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discordapp.com/api/webhooks/875488029408636929/9iQryvEzwkNdwwybu4SUrQJdc641YE8LorRjOuTOdsQ3TkMfTKWqJbwksop17BfgeuHk
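
The C2 above is a Discord webhook: the bot ID is a Discord snowflake whose upper bits encode the webhook's creation time, and the trailing token is the write credential, so the pair is both an IOC and a report-to-Discord item. The following helper is an added example (not code from this report or from Mercurial Grabber) that pulls webhook URLs out of a strings dump, defangs them, and decodes the snowflake. The regex, the field names and the surrounding strings in CONSTRUCTED_STRINGS are assumptions; the C2 value itself is the one listed above.

```python
import re
from datetime import datetime, timedelta, timezone

# Discord snowflake IDs carry a millisecond timestamp in their upper 42 bits,
# counted from the Discord epoch, 2015-01-01T00:00:00Z.
DISCORD_EPOCH = datetime(2015, 1, 1, tzinfo=timezone.utc)

# Webhook URLs in stealer configs use the legacy discordapp.com host (as in
# this sample) or discord.com, with or without a /api/vN version prefix.
WEBHOOK_RE = re.compile(
    r"https?://(?:(?:ptb|canary)\.)?(?P<host>discord(?:app)?\.com)"
    r"/api/(?:v\d+/)?webhooks/(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_\-]{60,80})"
)

# The C2 value from the extracted config above.
SAMPLE_C2 = (
    "https://discordapp.com/api/webhooks/875488029408636929/"
    "9iQryvEzwkNdwwybu4SUrQJdc641YE8LorRjOuTOdsQ3TkMfTKWqJbwksop17BfgeuHk"
)


def snowflake_to_datetime(snowflake):
    """Decode the creation time embedded in a Discord snowflake ID."""
    ms_since_epoch = int(snowflake) >> 22
    return DISCORD_EPOCH + timedelta(milliseconds=ms_since_epoch)


def defang(url):
    """Rewrite a URL so it is not clickable or auto-linked in a report."""
    scheme, rest = url.split("://", 1)
    host, _, path = rest.partition("/")
    return scheme.replace("http", "hxxp") + "://" + host.replace(".", "[.]") + "/" + path


def extract_webhooks(blob):
    """Return one record per Discord webhook URL found in a text blob
    (decoded strings, a memory dump, a dumped config)."""
    records = []
    for m in WEBHOOK_RE.finditer(blob):
        webhook_id = m.group("id")
        records.append({
            "url": m.group(0),
            "defanged": defang(m.group(0)),
            "host": m.group("host"),
            "legacy_host": m.group("host") == "discordapp.com",
            "webhook_id": webhook_id,
            "token": m.group("token"),
            "created_utc": snowflake_to_datetime(webhook_id),
        })
    return records


# Constructed strings dump (assumption, not output from this sample): the C2
# surrounded by unrelated strings, including a non-webhook Discord URL that
# must not be picked up.
CONSTRUCTED_STRINGS = "\n".join([
    "Mercurial Grabber",
    "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "webhook=" + SAMPLE_C2 + ";",
    "https://discord.com/channels/@me",
])

if __name__ == "__main__":
    for r in extract_webhooks(CONSTRUCTED_STRINGS):
        print(r["defanged"])
        print("  webhook id:", r["webhook_id"], "created:", r["created_utc"].isoformat())
        print("  legacy host:", r["legacy_host"])
```

Decoding the snowflake gives the time the webhook was created, which is useful for clustering samples that share an operator even when the token differs; the legacy `discordapp.com` host is a cheap pivot for older builder output.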

Targets

    • Target

      fa7bac648c3984ac087f8698a3b8d9aa_JaffaCakes118

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open-source stealer that targets Chrome, Discord and some game clients, and also collects generic system information.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
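
The three behaviours listed above (credential-store reads, an external-IP lookup, and a webhook C2) are individually weak signals but strong in combination on one process. The following is an added example, not part of the sandbox report, of correlating them per process over host telemetry. The events are constructed in a Sysmon-like shape and are not real telemetry from this sample; the list of IP-lookup hosts is an assumption, since the report does not name the service this sample uses.

```python
import re
import ntpath
from collections import defaultdict

# Chromium credential and key stores that stealers read directly from disk.
CHROME_CRED_FILES = {"Login Data", "Local State", "Cookies", "Web Data"}
CHROME_PROFILE_MARK = "\\Google\\Chrome\\User Data\\"
# Processes legitimately expected to open those files.
BROWSER_IMAGES = {"chrome.exe"}

# Assumption: a handful of widely used external-IP lookup services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me", "ip-api.com"}

DISCORD_WEBHOOK_RE = re.compile(
    r"https?://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/\d+/"
)


def host_of(target):
    """Hostname from either a bare DNS name or a URL."""
    if "://" in target:
        return target.split("://", 1)[1].split("/", 1)[0].lower()
    return target.lower()


def classify(event):
    """Map one event to a behaviour label, or None if it is not interesting."""
    kind, target = event["type"], event["target"]
    if (kind == "file_read" and CHROME_PROFILE_MARK in target
            and ntpath.basename(target) in CHROME_CRED_FILES
            and ntpath.basename(event["image"]).lower() not in BROWSER_IMAGES):
        return "reads_browser_credential_store"
    if kind in ("dns", "http") and host_of(target) in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    if kind == "http" and DISCORD_WEBHOOK_RE.match(target):
        return "discord_webhook_post"
    return None


def triage(events):
    """Group behaviours per pid and flag a process when it reads a browser
    credential store and also shows IP lookup or webhook traffic."""
    by_pid = defaultdict(lambda: {"image": None, "behaviours": set()})
    for ev in sorted(events, key=lambda e: e["ts"]):
        rec = by_pid[ev["pid"]]
        rec["image"] = ev["image"]
        label = classify(ev)
        if label:
            rec["behaviours"].add(label)
    verdicts = {}
    for pid, rec in by_pid.items():
        b = rec["behaviours"]
        network = b & {"external_ip_lookup", "discord_webhook_post"}
        verdicts[pid] = {
            "image": rec["image"],
            "behaviours": sorted(b),
            "suspicious": "reads_browser_credential_store" in b and bool(network),
        }
    return verdicts


# Constructed events (not real telemetry): one stealer-like process and one
# legitimate chrome.exe touching its own profile.
STEALER = r"C:\Users\user\AppData\Local\Temp\fa7bac648c3984ac087f8698a3b8d9aa.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PROFILE = r"C:\Users\user\AppData\Local\Google\Chrome\User Data"
EVENTS = [
    {"ts": 1, "pid": 4120, "image": STEALER, "type": "file_read", "target": PROFILE + r"\Default\Login Data"},
    {"ts": 2, "pid": 4120, "image": STEALER, "type": "file_read", "target": PROFILE + r"\Local State"},
    {"ts": 3, "pid": 4120, "image": STEALER, "type": "dns", "target": "api.ipify.org"},
    {"ts": 4, "pid": 4120, "image": STEALER, "type": "dns", "target": "discordapp.com"},
    {"ts": 5, "pid": 4120, "image": STEALER, "type": "http",
     "target": "https://discordapp.com/api/webhooks/875488029408636929/"
               "9iQryvEzwkNdwwybu4SUrQJdc641YE8LorRjOuTOdsQ3TkMfTKWqJbwksop17BfgeuHk"},
    {"ts": 6, "pid": 2210, "image": CHROME, "type": "file_read", "target": PROFILE + r"\Default\Login Data"},
    {"ts": 7, "pid": 2210, "image": CHROME, "type": "dns", "target": "www.google.com"},
]

if __name__ == "__main__":
    for pid, v in triage(EVENTS).items():
        print(pid, v["suspicious"], v["behaviours"])
```

The browser-image allowlist is what keeps the rule from firing on Chrome itself; in production it should be an image-path and signer check rather than a basename, since a stealer can trivially name itself `chrome.exe`.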

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic              Technique                      ID          Matching signatures
Defense Evasion     Subvert Trust Controls         T1553       1
Defense Evasion     Install Root Certificate       T1553.004   1
Defense Evasion     Modify Registry                T1112       1
Credential Access   Unsecured Credentials          T1552       1
Credential Access   Credentials In Files           T1552.001   1
Discovery           Query Registry                 T1012       1
Discovery           System Information Discovery   T1082       1
Collection          Data from Local System         T1005       1
