Overview

overview

10

Static

static

10

Beast Spoofer.exe

windows7-x64

10

Beast Spoofer.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Beast Spoofer.exe

  • Size

    42KB

  • Sample

    240630-bx5kda1hkg

  • MD5

    cde4ae6f3e1bc1a79f18168e00c6800e

  • SHA1

    fe3f428e5ab06970441f95f6931173bfb1e06761

  • SHA256

    ff98129af32b9114aeb232c9d9ef6d66b9cdbe8e0b51cb0143b9c1cc08e905e7

  • SHA512

    95fb204e8292443c9a16bb01ebda7d9d30c7e0d5df3c25e55076722ed0de071152e2a6ecc912749c11df97989ce842d0f1c1add05ba6015f5086411d69441748

  • SSDEEP

    384:AW2z2RHPoE2p3dA9lDHa0RRSgxfYTx5s/XZxIh/2oJEFq5nm3gTAseYKQsLd/Sfz:Z+CFrRMf/uZkL6gTjNKZKfgm3Ehsf

Score
10/10
mercurialgrabberevasionspywarestealer

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1256783355140116501/wWke3f7g9s9QOfHgXC4rLAbRbpofaZvMdGFsqgQ7xr2Qm6RvNNQD3M48MNNHqVOoW1Tb

Targets

    • Target

      Beast Spoofer.exe

    • Size

      42KB

    • MD5

      cde4ae6f3e1bc1a79f18168e00c6800e

    • SHA1

      fe3f428e5ab06970441f95f6931173bfb1e06761

    • SHA256

      ff98129af32b9114aeb232c9d9ef6d66b9cdbe8e0b51cb0143b9c1cc08e905e7

    • SHA512

      95fb204e8292443c9a16bb01ebda7d9d30c7e0d5df3c25e55076722ed0de071152e2a6ecc912749c11df97989ce842d0f1c1add05ba6015f5086411d69441748

    • SSDEEP

      384:AW2z2RHPoE2p3dA9lDHa0RRSgxfYTx5s/XZxIh/2oJEFq5nm3gTAseYKQsLd/Sfz:Z+CFrRMf/uZkL6gTjNKZKfgm3Ehsf

    Score
    10/10
    mercurialgrabberevasionspywarestealer

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

      stealermercurialgrabber

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks