General
-
Target
17de798cb189cb705b5fb50f420827ba90f18e34831dd8b84be013d5d339b01a.exe
-
Size
41KB
-
Sample
240708-bd4hzavdkk
-
MD5
1689dffc1e73cdeb1d9a4e671412816e
-
SHA1
2b60c62d850db0c6f636eb40415883c9ce268fef
-
SHA256
17de798cb189cb705b5fb50f420827ba90f18e34831dd8b84be013d5d339b01a
-
SHA512
11877d9eeeea999092126d248da117a8709786d7ee17653363e25d65289379b7031e3656bf07734f515ca89e194f13c8dc1aa8dce8e83e5d4514a5e632ac056b
-
SSDEEP
768:IscGoA2e8bH5M/Bgw9uZzeHWTjfJCKZKfgm3Eh2K:Pc9e86oeHWTdCF7EMK
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/977976769548255272/WjivQonZRXcZP2_JHbnYGt-N9ZAhJY4ZvmzB8VRuMXHWezW7Oe1HFRaEtPt_IzCPISA6
Targets
-
-
Target
17de798cb189cb705b5fb50f420827ba90f18e34831dd8b84be013d5d339b01a.exe
-
Size
41KB
-
MD5
1689dffc1e73cdeb1d9a4e671412816e
-
SHA1
2b60c62d850db0c6f636eb40415883c9ce268fef
-
SHA256
17de798cb189cb705b5fb50f420827ba90f18e34831dd8b84be013d5d339b01a
-
SHA512
11877d9eeeea999092126d248da117a8709786d7ee17653363e25d65289379b7031e3656bf07734f515ca89e194f13c8dc1aa8dce8e83e5d4514a5e632ac056b
-
SSDEEP
768:IscGoA2e8bH5M/Bgw9uZzeHWTjfJCKZKfgm3Eh2K:Pc9e86oeHWTdCF7EMK
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-