Resubmissions

  • 12-05-2024 18:09  240512-wrsnvahe71  10
  • 12-05-2024 17:56  240512-wh2v6acb26  10
  • 12-05-2024 17:50  240512-we2qzsbh82  10

General

  • Target

    RGF-main.zip

  • Size

    54KB

  • MD5

    7bcc565dfb0ce789f9a984870a64414c

  • SHA1

    7918e05800b7d02be5aa3670259709fde7f5c268

  • SHA256

    33461d788a33b88bed3d489826f9fb766cae421f322b81c5eb861718a1dea7bb

  • SHA512

    0490c139cd781e827fa35e55d21d887990febb2ab158baac005755ae1825904cf8f2971a10e75e135fa350c40ac841815ddeb2fd5c9da2d7b350e9c509f027b0

  • SSDEEP

    768:C2wkbG+ulfxDBcy7hCPWLp7BKgRfIa700K/2x6qKDcqVQ1WEx7HyWKpIpTtKP1ZC:CN1LPBcmKWLp7BTei/qVgRHfKJLYd9vr

Score
10/10

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/975244014364270683/FZnH_sfT1E7Axl_7pfCffp86xK6BWVM_UXXb74CN2p4kpHxH_6kuQsuzlglxNPVfnIm6
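
The extracted C2 is a Discord webhook: the numeric path component is the webhook id (a Discord snowflake, whose upper bits encode creation time) and the trailing string is the token that authorises POSTs to it. The following Python is an added example, not part of this report or of the sandbox's extraction code. It scans a byte blob for webhook URLs in both ASCII and UTF-16LE (the encoding of string literals in .NET assemblies, which is an assumption about how the sample stores its config) and decodes the creation time from the id. The sample blob is constructed in the code: it embeds the webhook from this report and a second, fictitious webhook with an invented id and token.

```python
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

# Discord webhook URL shape: numeric snowflake id, then an opaque URL-safe token.
# Matches discord.com and the legacy discordapp.com host, plus ptb./canary. builds.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/(\d+)/([A-Za-z0-9_\-]+)",
    re.ASCII,
)

# First millisecond of 2015, the epoch Discord snowflakes count from.
DISCORD_EPOCH_MS = 1420070400000


def _string_views(blob: bytes):
    """Yield text views in which an ASCII URL survives: the raw bytes (latin-1 is a
    1:1 byte map) and UTF-16LE at both byte alignments, because .NET #US heap
    strings need not start on an even file offset."""
    yield blob.decode("latin-1")
    yield blob.decode("utf-16-le", errors="ignore")
    yield blob[1:].decode("utf-16-le", errors="ignore")


def extract_discord_webhooks(blob: bytes) -> list[str]:
    """Return the unique webhook URLs found in any view, in discovery order."""
    hits = []
    for text in _string_views(blob):
        hits.extend(m.group(0) for m in WEBHOOK_RE.finditer(text))
    return list(dict.fromkeys(hits))


def webhook_created_at(url: str) -> datetime:
    """Creation time encoded in the webhook id: bits 22 and up of a snowflake are
    milliseconds since DISCORD_EPOCH_MS. Useful for timelining the infrastructure."""
    m = WEBHOOK_RE.fullmatch(url)
    if m is None:
        raise ValueError("not a Discord webhook URL")
    ms = (int(m.group(1)) >> 22) + DISCORD_EPOCH_MS
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(milliseconds=ms)


# Constructed sample blob (not bytes taken from RBF.exe): the webhook from this
# report as an ASCII string, then a fictitious second webhook stored as UTF-16LE
# at an odd byte offset (34 + 121 = 155), surrounded by filler bytes.
REPORT_WEBHOOK = ("https://discord.com/api/webhooks/975244014364270683/"
                  "FZnH_sfT1E7Axl_7pfCffp86xK6BWVM_UXXb74CN2p4kpHxH_6kuQsuzlglxNPVfnIm6")
FAKE_WEBHOOK = "https://discordapp.com/api/webhooks/123456789012345678/constructed_token_AbCdEf"

SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 30
    + REPORT_WEBHOOK.encode("ascii") + b"\x00"
    + FAKE_WEBHOOK.encode("utf-16-le") + b"\x00\x00"
    + b"\xff" * 7
)

if __name__ == "__main__":
    for url in extract_discord_webhooks(SAMPLE_BLOB):
        print(url, "created", webhook_created_at(url).isoformat())
```

Both the id and the token are needed to post to a webhook, so the full URL is the IoC worth sharing with a takedown request; the creation time from the snowflake (May 2022 for this webhook) helps establish how long the infrastructure predates the submission.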

Signatures

  • Mercurialgrabber family
  • Unsigned PE (1 IoC)

    Fires when the PE carries no Authenticode signature.
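
An Authenticode signature, when embedded, lives in the certificate table pointed to by the fifth data directory entry (IMAGE_DIRECTORY_ENTRY_SECURITY); an all-zero entry is what an "unsigned PE" check detects. The Python below is an added example, not code from this report or from the sandbox. It parses the headers with only the standard library, reads the WIN_CERTIFICATE header at the table's file offset, and treats a table that points past the end of the file as truncated rather than signed. The PE images it checks are constructed in the code, and the certificate payload is placeholder bytes, not a real PKCS#7 blob.

```python
from __future__ import annotations

import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # index of the certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002     # Authenticode is PKCS#7 SignedData
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def security_directory(pe: bytes) -> tuple[int, int]:
    """Return (file_offset, size) of the certificate table, or (0, 0) if absent.
    Unlike the other data directories, this entry holds a raw file offset, not an RVA."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                                    # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == PE32_MAGIC:
        n_dirs_off, dirs_off = 92, 96
    elif magic == PE32PLUS_MAGIC:
        n_dirs_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", pe, opt + n_dirs_off)[0]
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    # Fewer than five directories, or an optional header too short to hold the
    # fifth one, both mean there is no certificate table at all.
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_optional:
        return (0, 0)
    return struct.unpack_from("<II", pe, entry)


def check_authenticode(pe: bytes) -> dict:
    """Classify the PE as unsigned / signed / truncated from its certificate table.
    'signed' only means a WIN_CERTIFICATE is attached; it says nothing about whether
    the signature verifies or the signer is trusted."""
    off, size = security_directory(pe)
    if size == 0:
        return {"signed": False, "status": "unsigned"}
    if size < 8 or off + size > len(pe):
        return {"signed": False, "status": "truncated"}
    length, revision, cert_type = struct.unpack_from("<IHH", pe, off)
    if length > size or cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA:
        return {"signed": False, "status": "unexpected-certificate-header"}
    return {"signed": True, "status": "signed", "revision": revision,
            "cert_type": cert_type, "cert_len": length}


def build_minimal_pe(signed: bool) -> bytes:
    """Constructed PE32 image with no sections: DOS stub, PE signature, COFF header,
    224-byte optional header with 16 data directories, optionally followed by a
    WIN_CERTIFICATE whose payload is placeholder bytes, not a real PKCS#7 blob."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)              # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, 224-byte opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    header_len = 64 + 4 + 20 + 224                     # 312: certificate table lands here
    cert = b""
    if signed:
        payload = b"CONSTRUCTED-PLACEHOLDER-PKCS7-BLOB"
        length = 8 + len(payload)
        padded = (length + 7) & ~7                     # WIN_CERTIFICATE is 8-byte aligned
        cert = struct.pack("<IHH", padded, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + payload
        cert += b"\0" * (padded - length)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_len, padded)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    for flag in (False, True):
        print("signed" if flag else "unsigned", "->", check_authenticode(build_minimal_pe(flag)))
```

Two caveats when turning this into a detection: a present certificate table is not evidence of trust until the PKCS#7 chain is verified, and absence of an embedded table is not by itself suspicious for Windows system files, which are commonly catalog-signed with no certificate table in the image. The sandbox signature above is only the first of those two checks.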

Files

  • RGF-main.zip
    .zip

    Password: infected

  • RGF-main/Input.zip
    .zip

    Password: infected

  • RoBrute-master/LICENSE
  • RoBrute-master/README.md
  • RoBrute-master/RoBrute.py
    .py .sh linux
  • RoBrute-master/mainLib.py
  • RoBrute-master/mainLib.pyc
  • RoBrute-master/pass.lst
  • RoBrute-master/proxy.yaml
  • RoBrute-master/requirements.txt
  • RoBrute-master/socks.py
    .py .js
  • RoBrute-master/socks.pyc
  • RGF-main/RBF.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744
  • RGF-main/README.md