empyrean | d7a9021b90b6bd951920b6bb581908454bf73c2147a6a39c26dd16fc85244bf2

Resubmissions

25/07/2024, 21:58

240725-1vjmkaxcql 10

25/07/2024, 21:52

240725-1rgc2axbjp 10

Sharing

Copy URL

Twitter E-mail

General

Target

Mercurial.zip
Size

17.9MB
Sample

240725-1rgc2axbjp
MD5

26899a650cebc06e617ebebb7a7a18b0
SHA1

2735474da79cd0f55da18f80ce73c760028f6c4d
SHA256

d7a9021b90b6bd951920b6bb581908454bf73c2147a6a39c26dd16fc85244bf2
SHA512

2492023f248288821a66c81dc653bc13422735065e8b4531ce27ed364c4fceca4e644b8c6ea2401b4ffd70a43b137cb2ad57f350265d08319f5db6c086d2913c
SSDEEP

393216:aIcdIcFHnVHefqkYpRiomc66NQF6vhOU5d:aRdIcFHnV+fDYO8qwEU5d

Score

10^/10

Malware Config

Targets

- Target
  
  Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial.lnk
- Size
  
  2KB
- MD5
  
  eb68bc0392314c8848b235eb8f1481ad
- SHA1
  
  a62663db5c43c4a5f144e4d8530cc3936392795f
- SHA256
  
  8dde8d33a446801147e773e6a2d468f3493b75a8604fecb40d76f6d4cac27e1b
- SHA512
  
  e7f2ff03a34e938962e7847b6ec6390b8978567cf279d2644d07b9371e2e7748d1cb2374a08ab3d4c24748b52d1e953323e8d2b7f17a5ce13b4638ac52c98680
Score

9^/10

credential_access discovery persistence privilege_escalation stealer upx
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Mercurial.exe
- Size
  
  17.9MB
- MD5
  
  de3d9bc8e4813084e2c2a8cdebd02d3f
- SHA1
  
  a416b246e20bbcb37db35b0a4a36b917da34dfd7
- SHA256
  
  23a9e3fe0e20da93ccf9b8208cc852c5199fc4dc2489276ef0adaefd6a1aa25a
- SHA512
  
  eaa36e3d73a56e25e8980828db19a0f5bca23664e0d4f652d5f7d11c0552f46142e468ba2df4c59225e93685dad3653c98fa011e7de726bd041626a43a8ac12b
- SSDEEP
  
  393216:AqPuYXJBft6k/m3pgDOEkSgsvLgf/3Jo:BPuYXJBf0kKlAzgfRo
Score

9^/10

upx credential_access discovery persistence privilege_escalation spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Properties/Resources.Designer.cs
- Size
  
  12KB
- MD5
  
  e7bbd3ec488fd9a129f346636fdb6816
- SHA1
  
  d481a7f1f0baea15eb14480ea31c965a598c8fdc
- SHA256
  
  a5348378d71c60545fe383b1fce151c6d8d6081b9c3bbedcc58ab8da5c45f6b7
- SHA512
  
  11f667bacbad2d3ea042a67d25b3e4c2f73ccd7d91bf4a1ce270036b71c32fd2965c260df78455540f66190795532e8dafc3b2dce8082b50dcb12fa31c936883
- SSDEEP
  
  384:agKx1K1HBhTHphgnGhg0RShguW0AEthgMKchgJ37:lDTHbOA/R8cEfTKmi7
Score

1^/10
behavioral5 behavioral6
- Target
  
  Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Properties/Resources.resx
- Size
  
  7KB
- MD5
  
  58467f11104425fb5a573c71dbd37b3b
- SHA1
  
  8319ab7aacb06d06162a66cfdf0b97376cfd68e3
- SHA256
  
  df4a76464b02f4f7ee34aca6ca710ea0e770e62126f0ba49df74d3a548ffedc6
- SHA512
  
  a345e33b7e87c06aedb143f6b80c145b408c32e5fdf472768c5c0ada0c63a7c6e70ce5f114ce973a1b53633ee6249981b20cef9411a45a84c81497a08ef4bed4
- SSDEEP
  
  192:Zf+tLPfYnLvFVOiFQaUD7Ug94E2Km2y+2hb2ZT2392WK2cU2jh2X92+:Zf+tLPQnLvDOiFQXD7Ug12H2h2x2R2NT
Score

1^/10
behavioral7 behavioral8
- Target
  
  Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/AesGcm.cs
- Size
  
  5KB
- MD5
  
  f2377a77efc93d8f72a0d26931a269c7
- SHA1
  
  664c5d78dda24851864326619eb80121c6c7e76c
- SHA256
  
  7469f986176f35936b67ef76eb7525cc4b970870a852777b5802c16b4d401ca9
- SHA512
  
  5f65eccf6b3d3736ce93f0b28ab0b9f9ba24144891458647f09738d196d2e04803b7294b345382ba62607617e8b3cd229270caa526425768ee18e990a55ec2dc
- SSDEEP
  
  96:JjMXclvkCl1IMF+lNlUgQldKlySSfd1FC4MJ4UabIL:h8CPIeyfUgIdmySUGn4UakL
Score

3^/10

discovery execution
behavioral10 behavioral9
- Target
  
  Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Browser.cs
- Size
  
  7KB
- MD5
  
  c415b2031fabcbcb6a5007d988a14355
- SHA1
  
  7fcfd7b387fd08700ff9570e5ec10ead9488b649
- SHA256
  
  33f92b991af62d99299b95998fbec26b25fc2054f2572150c89fca594824758a
- SHA512
  
  9ed10b0768ddf90a2cae06eb4923e1f43659bfa39aa01f92b222809195f9e4df679b23201722238e3b1cee856d97fa150243238763e0f67b7ad1d25d3b22135d
- SSDEEP
  
  192:QA5fJUyUOzllsWbzpQv33V2vXqGHMvK6tGRO79yp+ggX6vL:VwOEWbzqH2XqfKFf+1O
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Common.cs
- Size
  
  2KB
- MD5
  
  be28593f99ed1c9d586ff11fe231692f
- SHA1
  
  18a95ea4f4aedf384fe885a856904d235216e021
- SHA256
  
  555ab4fbe718589fdfbd39007c7840bf50822fdaeb781a94e05a99c7784b0c4a
- SHA512
  
  7d3a8819f2ee4c2bc052730c080ba6df2c2684c0fb8caefe695254d0b14289b029cfdbdc5d48591b6a091b16dfe45720d833ecaf7f73ee066ae61dfd9a33b769
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Grabber.cs
- Size
  
  4KB
- MD5
  
  11e1326e7a72627aa57b2d0449ffcc75
- SHA1
  
  97ba9b8d6cebacf6de762d1052bab1a1d7a8bb07
- SHA256
  
  1b3efea0c78f1caada48c61c672dab02bed5d9326d5dee83220abe6ece1cf5cf
- SHA512
  
  5afab603fabf1227471e88d64daf3be66a82bb0bb48e11b68427ac04791ddabb2577b43403a5ee184638a4190a2a5a81b9512fed0f383d1cd0b15bb3fcc759b0
- SSDEEP
  
  96:Jj4Y26KV7VPR+7Gs591qaq8IyI2SCfK1zMu8Bywy8RVV+QjykQfgKhL:iFPv+7H591qaq8IyHSCcz1Cywy8RVV+F
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Machine.cs
- Size
  
  6KB
- MD5
  
  cd6356021fc591d6b5b3f9f8eae24415
- SHA1
  
  f620ed211d76caaa6fe8e82cf76f833a9994bd67
- SHA256
  
  53efd19d43814969acd579b6003273971baa31a25905eb536b50b0c9615c9018
- SHA512
  
  b6511d0c97473086e5b6c578d3130082d197b7bd8e2f82db33c97c2f01606b48d10ea4cbcfa7343d0b40d6602967c157ec14b675d9407a1e3e045b462865d660
- SSDEEP
  
  192:+khfoitAbWfWW2C9WFYCMCyvwXcxCTqUGup3X19L:Ar
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Program.cs
- Size
  
  9KB
- MD5
  
  f945d3beeb05d37ee2c723197b15a19e
- SHA1
  
  b64792711caca858a522317c01899f0ab55913f0
- SHA256
  
  c4d8efc12d3083a1367b396a1000f7ac978673e673d9d7db334836a3a469a5fa
- SHA512
  
  afd63758153c59e9ba06afad277623e46ebe77cdaa364b6a16c8c8d5ecd2a4fe27ecf9cc5d0fc4b0507e6a01f5c6bbf3ad388af2e1f7792040dc04b9e6071117
- SSDEEP
  
  192:iFPhRrA43Dt56B0WOGXSCHKXXOCNegUz++TwA8BYs6S6vSdfCPyY1KMQCjGEZ:ithRrAqD7GY0gUzcpBY1
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Webhook.cs
- Size
  
  10KB
- MD5
  
  167312d0bd902f5d9511bb5b66cb225f
- SHA1
  
  66c4f63ca7e0332ba781d4b1650f36b0e811d085
- SHA256
  
  c6306d6bbfc3d62454f8d33cd5daf7e01f1938be38cc1c61eefa2f4f25e0ec8c
- SHA512
  
  a692f9f1e24423ca6787cf618a296d4805ed5ec02bb39754413d37b536032488b874d4999f10a3a8d524dce47e82091b73edc194f19394d04057f6018771c743
- SSDEEP
  
  192:iFPGQeyzXjwwIsl9DHk1qmVTJYUAB91LXT4OUr2yiBQbTsAJAZT6xV82+ItuKxAH:itGQfjwVk9DHk3NJYUAB91Lkn3YZ
Score

3^/10

execution
behavioral21 behavioral22