mercurialgrabber | akrien315727800[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

akrien315727800.rar
Size

4.9MB
MD5

3c8b08e4ff2d56c08639764b951b553e
SHA1

41b2315ba593d39165c85ca6b96cbbfa625dc3c1
SHA256

2b4973b609c72e3b6cb5a2aec425b3a70d937b42d9e3a443a4ce956384f29154
SHA512

367ea82445d58dc69fc905208ddde7ba1bcb8a86f869bcdaa1a34154f545dc9f94e94ea466dbe36f17322cd3a01c96d26a7f7f07d712ce3a816a3785fbc96e58
SSDEEP

98304:McjZl79Nrp1Za8y0N5IbPIoym+UZZ+Vi+MyqwdmI8tNb7bZFHr+8suS:lo0IsocUZZOi+Mav8TdF+ruS

Score

10^/10

mercurialgrabber

Malware Config

Signatures

Mercurialgrabber family
mercurialgrabber

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/akrien_315727800.exe

Files

akrien315727800.rar
.rar
TrayStatus.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:b2:e0:ae:18:55:72:f2:1d:c9:3e:ea:f1:f1:53:30
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09-09-2019 00:00

Not After

12-09-2022 12:00

Subject

SERIALNUMBER=1738539,CN=Binary Fortress Software Ltd,O=Binary Fortress Software Ltd,L=Ottawa,ST=Ontario,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13074f6e746172696f,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

83:63:55:2d:76:e1:d3:d7:c3:56:2d:24:4f:d3:87:dd:d9:c5:6f:f1:96:3c:0b:7b:e5:89:83:42:8f:e3:90:d1
Signer

Actual PE Digest

83:63:55:2d:76:e1:d3:d7:c3:56:2d:24:4f:d3:87:dd:d9:c5:6f:f1:96:3c:0b:7b:e5:89:83:42:8f:e3:90:d1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
akrien_315727800.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:b2:e0:ae:18:55:72:f2:1d:c9:3e:ea:f1:f1:53:30Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

83:63:55:2d:76:e1:d3:d7:c3:56:2d:24:4f:d3:87:dd:d9:c5:6f:f1:96:3c:0b:7b:e5:89:83:42:8f:e3:90:d1Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rsrc Size: 103KB - Virtual size: 102KB

.reloc Size: 512B - Virtual size: 12B

Headers

File Characteristics

Sections

CODE Size: 5KB - Virtual size: 4KB

DATA Size: 512B - Virtual size: 124B

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 770B

.tls Size: - Virtual size: 4B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 512B - Virtual size: 456B

.rsrc Size: 3.4MB - Virtual size: 3.4MB

08:b2:e0:ae:18:55:72:f2:1d:c9:3e:ea:f1:f1:53:30
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

83:63:55:2d:76:e1:d3:d7:c3:56:2d:24:4f:d3:87:dd:d9:c5:6f:f1:96:3c:0b:7b:e5:89:83:42:8f:e3:90:d1
Signer

.text
Size: 3.3MB - Virtual size: 3.3MB

.rsrc
Size: 103KB - Virtual size: 102KB

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 5KB - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 124B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 770B

.tls
Size: - Virtual size: 4B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 512B - Virtual size: 456B

.rsrc
Size: 3.4MB - Virtual size: 3.4MB