Overview

overview

10

Static

static

10

RGF-main.zip

windows10-2004-x64

1

RoBrute-ma...ute.py

windows10-2004-x64

3

RoBrute-ma...Lib.py

windows10-2004-x64

3

RoBrute-ma...ib.pyc

windows10-2004-x64

3

RoBrute-ma...cks.py

windows10-2004-x64

3

RoBrute-ma...ks.pyc

windows10-2004-x64

3

RGF-main/RBF.exe

windows10-2004-x64

10

Resubmissions

12-05-2024 18:09

240512-wrsnvahe71 10

12-05-2024 17:56

240512-wh2v6acb26 10

12-05-2024 17:50

240512-we2qzsbh82 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RGF-main.zip

  • Size

    54KB

  • Sample

    240512-wh2v6acb26

  • MD5

    7bcc565dfb0ce789f9a984870a64414c

  • SHA1

    7918e05800b7d02be5aa3670259709fde7f5c268

  • SHA256

    33461d788a33b88bed3d489826f9fb766cae421f322b81c5eb861718a1dea7bb

  • SHA512

    0490c139cd781e827fa35e55d21d887990febb2ab158baac005755ae1825904cf8f2971a10e75e135fa350c40ac841815ddeb2fd5c9da2d7b350e9c509f027b0

  • SSDEEP

    768:C2wkbG+ulfxDBcy7hCPWLp7BKgRfIa700K/2x6qKDcqVQ1WEx7HyWKpIpTtKP1ZC:CN1LPBcmKWLp7BTei/qVgRHfKJLYd9vr

Score
10/10
mercurialgrabberevasionspywarestealer

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/975244014364270683/FZnH_sfT1E7Axl_7pfCffp86xK6BWVM_UXXb74CN2p4kpHxH_6kuQsuzlglxNPVfnIm6

Targets

    • Target

      RGF-main.zip

    • Size

      54KB

    • MD5

      7bcc565dfb0ce789f9a984870a64414c

    • SHA1

      7918e05800b7d02be5aa3670259709fde7f5c268

    • SHA256

      33461d788a33b88bed3d489826f9fb766cae421f322b81c5eb861718a1dea7bb

    • SHA512

      0490c139cd781e827fa35e55d21d887990febb2ab158baac005755ae1825904cf8f2971a10e75e135fa350c40ac841815ddeb2fd5c9da2d7b350e9c509f027b0

    • SSDEEP

      768:C2wkbG+ulfxDBcy7hCPWLp7BKgRfIa700K/2x6qKDcqVQ1WEx7HyWKpIpTtKP1ZC:CN1LPBcmKWLp7BTei/qVgRHfKJLYd9vr

    Score
    1/10
    behavioral1

    • Target

      RoBrute-master/RoBrute.py

    • Size

      6KB

    • MD5

      459ffbe4a551223287035714b6e274c2

    • SHA1

      98151335d6fcf0630f03092fee504aa05563d2db

    • SHA256

      418ab9d7b1c9ee04596bf868b74ba50f7105b3a150f6989d74d445f9810aaef9

    • SHA512

      385d9317c7b823eef361ae294635697c07b1bf93d4d8d17da703911688f9b2b478532ff800c670507bf6269e7addbba7eb8f057357754e3565999d36af804cee

    • SSDEEP

      192:aIzopckmTzso484ijEF3VvGK4F21p54wfFaep6D:aIkukwIijEF3VVs6htaepA

    Score
    3/10
    behavioral2

    • Target

      RoBrute-master/mainLib.py

    • Size

      481B

    • MD5

      d605f4316cf7dd5b2f4d68e5534903a5

    • SHA1

      1d9f87b0316cacdbc97c265a2005ceb9f04dd0e2

    • SHA256

      930cac6585d68eef349b1db9e376c3c9cef6a764a51c6e19a55b3d23cbe4acbd

    • SHA512

      384a3e39dad72d77fa8da085714b08ea8bddaa49c70df389febf9290c9ce09114646c417d31d6888437d237817b2eea67d183c7c65e5e985faa66a02b05a746b

    Score
    3/10
    behavioral3

    • Target

      RoBrute-master/mainLib.pyc

    • Size

      806B

    • MD5

      a69353c0a05226a823732ff09def0462

    • SHA1

      29d202a58960848f8a74c52cc5e0f28c239cbe1d

    • SHA256

      14db2c7373b04e3767f4210e473906661b5251afceb5f9e445ab276f13b51a01

    • SHA512

      b40d9ec41b4ef60d7d84400d4bcbcf11d0f469bd0365e84ff4a6b92f0dc71e12fd1f7ee4af5dd7d47dc2bd4548ecb1e75631a20829717f7ab5c46e80ed8cdfaa

    Score
    3/10
    behavioral4

    • Target

      RoBrute-master/socks.py

    • Size

      31KB

    • MD5

      48785c4abab003e3567e381d81a4e3fe

    • SHA1

      b78b23d63ac8d301e24e9a0f2c709f4d02abba87

    • SHA256

      bc89e89dcd6a255af82c73cbd6cbbaaddba2aa83380188bbb8282aef40b0a11a

    • SHA512

      52d7002548b3dc31ba4c355270577b92980c4a569dcad45c6af518da7355fcec0ace7c9ce5fabcf68dc04b2211d0d31a5cac1e7dc92a5017a1c3f1ed74cbb09a

    • SSDEEP

      768:MTMqwGwX3Q/28zGh9czigrcQcJWN2hqoJRBLXo:M1rwXl8zGhCzig4QIWN0JRBjo

    Score
    3/10
    behavioral5

    • Target

      RoBrute-master/socks.pyc

    • Size

      26KB

    • MD5

      c59597fcf54f22c79d319b129c33a62a

    • SHA1

      316daa8cc82926af92ae9400c83c172681f427be

    • SHA256

      245adcd5c71c12585d86e4cee0370781d99bd3ea8029e9869744028ed26bb7d5

    • SHA512

      bf1b978029e2500ef16c4f201ef456324752f2dfc5e213153a861c990010518520e7e2d4b501deab30056302201537291ceff77312f5adae2d3845c8bce2a9c9

    • SSDEEP

      768:x+TMqK0DoOgVH8zD5x50Y8a6RA516g0QsCh:k1DIVczDbXr6Ku4h

    Score
    3/10
    behavioral6

    • Target

      RGF-main/RBF.exe

    • Size

      41KB

    • MD5

      09d12c328c88bfdfef9dcc0927dca671

    • SHA1

      4f61a36bc05dbd9229b56db5ead4ea3d37e4308a

    • SHA256

      64e772d1da472d9da1dde4d9b070c1d9acf98d9819ec04058a0161f020022e49

    • SHA512

      4774119f1eb6f3f712fc29f7c7cceb31a67c62c01a6b7f09ccf17a85a4d78b3fed4f3a9532c353490f9058aae5db58d305a92a65a8e8039e7c123f48e73d1d51

    • SSDEEP

      768:escGoAxWdPN+wauZLePWTjZKZKfgm3Ehpe:tcVdPN9ePWTVF7Ebe

    Score
    10/10
    mercurialgrabberevasionspywarestealer

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

      stealermercurialgrabber

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral7

MITRE ATT&CK Enterprise v15

Tasks