mercurialgrabber | Latteloader[.]proc[.]exe[.]exe | Triage

Sharing

General

Target

Latteloader.proc.exe.exe
Size

42KB
MD5

018267f834c9980f1160e6d9269cfb88
SHA1

b5b228925719546fc15da847db0f3bf7284b84a1
SHA256

7a402b188130ac2302f938fcb2e73894034f177712c960563c78d4dabd0bce71
SHA512

88e211601b3bb7cf0b2c5c44d2febe68c50c9a8a958027a8c4a106f763876267ee26a9c099fdd7efdec76386848d1d3a5ec1112473c0677a2db210e12908aa24
SSDEEP

768:uoNriNY/0qlyfehX0Wl+uZwLoLTjbKZKfgm3Ehcz:kYMq0fQzlwLoLTXF7ESz

Score

10^/10

mercurialgrabber

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discordapp.com/api/webhooks/899427633924812880/W3wY7LN9luaz60TtoWHm0BKP65w6rvbYJqJA6YRfJp9wFxpNa30cIOFEEAkr56QFwZkK

Signatures

Mercurialgrabber family
mercurialgrabber
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Latteloader.proc.exe.exe

Files

Latteloader.proc.exe.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ