mercurialgrabber | 0322b2e9e03e89d6921697c051c2ac2a88d86a7d4844a414625ee5b037750ffa | Triage

Submit
Reports

Overview

overview

Static

static

Hydrogen_E...V3.exe

windows11-21h2-x64

Sharing

General

Target

12-05-2024_VsR7rG6Jr8LYsPu.zip
Size

29KB
Sample

240512-yhjexsgd42
MD5

5685580fb8a21e5009adabc81da24be0
SHA1

a4c28af1de9628b634eb78d09daf9518e8844e52
SHA256

0322b2e9e03e89d6921697c051c2ac2a88d86a7d4844a414625ee5b037750ffa
SHA512

801d98e147da86a61028832083dd983133b12165a7cb375a37f99488517fa475d6ccfd27df3090582cae27aa9df00de93f6f49a1686c0500b79289dad714f4c4
SSDEEP

384:tdhnMxIkWVR4p6EmU32FtydUGopiABMWz74lbhnukY3uMp82GXGlb6oXCL8:tdgNWU6EyHGo3DQXnTYfpXQG5b

Score

10^/10

mercurialgrabber evasion spyware stealer

Static task

static1

mercurialgrabber

2 signatures

Behavioral task

behavioral1

Sample

Hydrogen_Executor_V3.exe

Resource

win11-20240426-en

mercurialgrabber evasion spyware stealer

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1239296125064974418/PUgXB5FXV6rG9VgXFqZRFI0mCViixOJ8UuqFBuJflxFjy8K_1Bnlcsm6oiqDYfXj8zlI

Targets

- Target
  
  Hydrogen_Executor_V3.exe
- Size
  
  190KB
- MD5
  
  1399f90b10f8ba4e8894844b637c3674
- SHA1
  
  c4b55243750434a4ffc5e654c9301bed89c53a9b
- SHA256
  
  9ee7472a507976b837fa9b21959b942b1a488f28a6746f0540b6936b938c16d9
- SHA512
  
  729f4e45ac49780c79569e577c2b6c9e76908dcf6c66b7b35aae5e9055ec3242387510dbae671617e9c56dc5fab68220061a7466e12eeccc4ad41ed9d0b4a068
- SSDEEP
  
  1536:cc1ZubZumexWTkF7ELjxNYK/HqJLG+Pr:R1ZubfecTkF7EHrfqPr
Score

10^/10

mercurialgrabber evasion spyware stealer
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberevasionspywarestealer

© 2018-2025

Terms | Privacy