General
-
Target
Beast Spoofer.exe
-
Size
42KB
-
Sample
240630-bx5kda1hkg
-
MD5
cde4ae6f3e1bc1a79f18168e00c6800e
-
SHA1
fe3f428e5ab06970441f95f6931173bfb1e06761
-
SHA256
ff98129af32b9114aeb232c9d9ef6d66b9cdbe8e0b51cb0143b9c1cc08e905e7
-
SHA512
95fb204e8292443c9a16bb01ebda7d9d30c7e0d5df3c25e55076722ed0de071152e2a6ecc912749c11df97989ce842d0f1c1add05ba6015f5086411d69441748
-
SSDEEP
384:AW2z2RHPoE2p3dA9lDHa0RRSgxfYTx5s/XZxIh/2oJEFq5nm3gTAseYKQsLd/Sfz:Z+CFrRMf/uZkL6gTjNKZKfgm3Ehsf
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/1256783355140116501/wWke3f7g9s9QOfHgXC4rLAbRbpofaZvMdGFsqgQ7xr2Qm6RvNNQD3M48MNNHqVOoW1Tb
Targets
-
-
Target
Beast Spoofer.exe
-
Size
42KB
-
MD5
cde4ae6f3e1bc1a79f18168e00c6800e
-
SHA1
fe3f428e5ab06970441f95f6931173bfb1e06761
-
SHA256
ff98129af32b9114aeb232c9d9ef6d66b9cdbe8e0b51cb0143b9c1cc08e905e7
-
SHA512
95fb204e8292443c9a16bb01ebda7d9d30c7e0d5df3c25e55076722ed0de071152e2a6ecc912749c11df97989ce842d0f1c1add05ba6015f5086411d69441748
-
SSDEEP
384:AW2z2RHPoE2p3dA9lDHa0RRSgxfYTx5s/XZxIh/2oJEFq5nm3gTAseYKQsLd/Sfz:Z+CFrRMf/uZkL6gTjNKZKfgm3Ehsf
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-