mercurialgrabber | 721d579ac9306e8cfb33ed09349e8d509d9ed3ca2e7abe9bbe6d69f9b4a8006c | Triage

Submit
Reports

Overview

overview

Static

static

Discord vo....2.exe

windows11-21h2-x64

Sharing

General

Target

Discord volume up 1.2.exe
Size

46KB
Sample

240423-srs3tshd64
MD5

eda23608a57adef03353df52ef3f06c3
SHA1

0115336c5079d972814f0dfe5fc2d9a8056fff73
SHA256

721d579ac9306e8cfb33ed09349e8d509d9ed3ca2e7abe9bbe6d69f9b4a8006c
SHA512

0f6a945c84b35c0a3aab203d046ee76150e204522d020a4f89a8266cbb3453842a787661dcbec16e164199a2c00529931a0d8786c35475aa4d15449be96a3d0d
SSDEEP

768:ajLB+NAu98bTEehX0W9puZrLEPTjhNKZKfgm3EhOSLj:zAuubTEQz9ULEPT7F7EYy

Score

10^/10

mercurialgrabber evasion stealer

Static task

static1

mercurialgrabber

2 signatures

Behavioral task

behavioral1

Sample

Discord volume up 1.2.exe

Resource

win11-20240412-en

mercurialgrabber evasion stealer

windows11-21h2-x64

16 signatures

120 seconds

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1232345926203609129/boj6_wrTqBY1eXKl-xhVfTv2GmMDL3mi4GSx8zi2Aw9sBBtbDDaBWq3UFN2rItebxxjd

Targets

- Target
  
  Discord volume up 1.2.exe
- Size
  
  46KB
- MD5
  
  eda23608a57adef03353df52ef3f06c3
- SHA1
  
  0115336c5079d972814f0dfe5fc2d9a8056fff73
- SHA256
  
  721d579ac9306e8cfb33ed09349e8d509d9ed3ca2e7abe9bbe6d69f9b4a8006c
- SHA512
  
  0f6a945c84b35c0a3aab203d046ee76150e204522d020a4f89a8266cbb3453842a787661dcbec16e164199a2c00529931a0d8786c35475aa4d15449be96a3d0d
- SSDEEP
  
  768:ajLB+NAu98bTEehX0W9puZrLEPTjhNKZKfgm3EhOSLj:zAuubTEQz9ULEPT7F7EYy
Score

10^/10

mercurialgrabber evasion stealer
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberevasionstealer

© 2018-2025

Terms | Privacy