Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Minecraft Realistic Shades Pack.exe
-
Size
44KB
-
Sample
240426-tkbewaga5v
-
MD5
362b364d57781b6af61ddf4972435997
-
SHA1
2f5a00603ea850c8a88d92ee034418c4e7314883
-
SHA256
50d4d5c8a6b9fcd233e5aca2c59059d5b7633c80e58ba861d8152a153a148cfe
-
SHA512
76fcaacbfc9277d22d9e9f9dff6b85ea0f62909ac7bd4dcb954afb2add2cc486a7f29bd101248eef8dfeb4d01beaba8192a77b71ce438d56475a2935d32571aa
-
SSDEEP
768:9mDdN/fLgOukGuZ/LABTjtKZKfgm3Eh0WoE:9mfzbrXLABTpF7EyWo
Behavioral task
behavioral1
Sample
Minecraft Realistic Shades Pack.exe
Resource
win11-20240419-en
Behavioral task
behavioral2
Sample
Minecraft Realistic Shades Pack.exe
Resource
macos-20240410-en
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/1233395385381163029/bXoPS24yb2gh1irnWpsJMeqnojon0l-lF59jmnwJ9_5Z523t93WbIlgepEqZGMU63aZu
Targets
-
-
Target
Minecraft Realistic Shades Pack.exe
-
Size
44KB
-
MD5
362b364d57781b6af61ddf4972435997
-
SHA1
2f5a00603ea850c8a88d92ee034418c4e7314883
-
SHA256
50d4d5c8a6b9fcd233e5aca2c59059d5b7633c80e58ba861d8152a153a148cfe
-
SHA512
76fcaacbfc9277d22d9e9f9dff6b85ea0f62909ac7bd4dcb954afb2add2cc486a7f29bd101248eef8dfeb4d01beaba8192a77b71ce438d56475a2935d32571aa
-
SSDEEP
768:9mDdN/fLgOukGuZ/LABTjtKZKfgm3Eh0WoE:9mfzbrXLABTpF7EyWo
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-