mercurialgrabber | d70954b2e608f3d2f4561364035d3c4958743a668db083f21a7b216a820ca539

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 02:01

Target

fbae53e539c388e11c4f330ba6e2010f_JaffaCakes118.exe
Size

2.0MB
MD5

fbae53e539c388e11c4f330ba6e2010f
SHA1

2d16711a395bd0f27756fab2f4f744a4f3a9f4c4
SHA256

d70954b2e608f3d2f4561364035d3c4958743a668db083f21a7b216a820ca539
SHA512

b0ff9c987c836da8ac5df7dda796bd70509112e25fa3cd1eda895964b15ad211eecc159c9910925a4f001cec2d691c42c542c922660a3149393d05eb398c4e54
SSDEEP

24576:X0a/3paargPZtr1msdlDTtcSqxSrj8X27aBRmFMA9MxlCZ/W5DUulT777fcS:h3p9gLrIydqxy8Xf/m+Auxuy577

Score

10^/10

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral1/memory/2512-0-0x0000000000150000-0x000000000035C000-memory.dmp	family_zgrat_v1

Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
stealer mercurialgrabber
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

C:\Users\Admin\AppData\Local\Temp\fbae53e539c388e11c4f330ba6e2010f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fbae53e539c388e11c4f330ba6e2010f_JaffaCakes118.exe"
1⤵
PID:2512

memory/2512-0-0x0000000000150000-0x000000000035C000-memory.dmp

Filesize
2.0MB

Download
memory/2512-1-0x0000000074B40000-0x000000007522E000-memory.dmp

Filesize
6.9MB

Download
memory/2512-2-0x0000000004E70000-0x0000000004EB0000-memory.dmp

Filesize
256KB

Download
memory/2512-3-0x0000000074B40000-0x000000007522E000-memory.dmp

Filesize
6.9MB

Download