General
-
Target
Builder.exe
-
Size
42KB
-
MD5
1a3ba58e274169d2eadfec6ec8581bfa
-
SHA1
40e7eaea87c99d057df9d2bcbcd7ca69484ce180
-
SHA256
9bbbf3420133df761ac53650ed84df1fbfab03e7923f43c473f120a36a120f7f
-
SHA512
958552160d7e1f867ce2ec0d8f39140b3196869afbfbb3096dd2abe92a6793b70c2fd822335c948805c3cf13b2af5982aae0efce8a10d34047ae1b60e5826fc6
-
SSDEEP
768:EjkER6fTjONGPuZaLyVTj9pKZKfgm3Ehsk:06fTjoGPLyVTBpF7ECk
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/1238866177023803432/KGNM2my26TgMOp8Q_Hco9K-cj2DQv5mzy_Sxi90wJdobK3pk1dX_Zq6zSsaUslqb52lG
Signatures
-
Mercurialgrabber family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Builder.exe
Files
-
Builder.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ