Overview
overview
10
Static
static
10
Mercurial-...al.lnk
windows7-x64
3
Mercurial-...al.lnk
windows10-2004-x64
9
Mercurial-...al.exe
windows7-x64
7
Mercurial-...al.exe
windows10-2004-x64
9
Mercurial-...er.vbs
windows7-x64
1
Mercurial-...er.vbs
windows10-2004-x64
1
Mercurial-...es.vbs
windows7-x64
1
Mercurial-...es.vbs
windows10-2004-x64
1
Mercurial-...Gcm.js
windows7-x64
3
Mercurial-...Gcm.js
windows10-2004-x64
3
Mercurial-...ser.js
windows7-x64
3
Mercurial-...ser.js
windows10-2004-x64
3
Mercurial-...mon.js
windows7-x64
3
Mercurial-...mon.js
windows10-2004-x64
3
Mercurial-...ber.js
windows7-x64
3
Mercurial-...ber.js
windows10-2004-x64
3
Mercurial-...ine.js
windows7-x64
3
Mercurial-...ine.js
windows10-2004-x64
3
Mercurial-...ram.js
windows7-x64
3
Mercurial-...ram.js
windows10-2004-x64
3
Mercurial-...ook.js
windows7-x64
3
Mercurial-...ook.js
windows10-2004-x64
3
General
-
Target
Mercurial.zip
-
Size
17.9MB
-
Sample
240725-1rgc2axbjp
-
MD5
26899a650cebc06e617ebebb7a7a18b0
-
SHA1
2735474da79cd0f55da18f80ce73c760028f6c4d
-
SHA256
d7a9021b90b6bd951920b6bb581908454bf73c2147a6a39c26dd16fc85244bf2
-
SHA512
2492023f248288821a66c81dc653bc13422735065e8b4531ce27ed364c4fceca4e644b8c6ea2401b4ffd70a43b137cb2ad57f350265d08319f5db6c086d2913c
-
SSDEEP
393216:aIcdIcFHnVHefqkYpRiomc66NQF6vhOU5d:aRdIcFHnV+fDYO8qwEU5d
Behavioral task
behavioral1
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial.lnk
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial.lnk
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Mercurial.exe
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Mercurial.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Properties/Resources.Designer.vbs
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Properties/Resources.Designer.vbs
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Properties/Resources.vbs
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Properties/Resources.vbs
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/AesGcm.js
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/AesGcm.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Browser.js
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Browser.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Common.js
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Common.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Grabber.js
Resource
win7-20240705-en
Behavioral task
behavioral16
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Grabber.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral17
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Machine.js
Resource
win7-20240705-en
Behavioral task
behavioral18
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Machine.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Program.js
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Program.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral21
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Webhook.js
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Webhook.js
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial.lnk
-
Size
2KB
-
MD5
eb68bc0392314c8848b235eb8f1481ad
-
SHA1
a62663db5c43c4a5f144e4d8530cc3936392795f
-
SHA256
8dde8d33a446801147e773e6a2d468f3493b75a8604fecb40d76f6d4cac27e1b
-
SHA512
e7f2ff03a34e938962e7847b6ec6390b8978567cf279d2644d07b9371e2e7748d1cb2374a08ab3d4c24748b52d1e953323e8d2b7f17a5ce13b4638ac52c98680
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Mercurial.exe
-
Size
17.9MB
-
MD5
de3d9bc8e4813084e2c2a8cdebd02d3f
-
SHA1
a416b246e20bbcb37db35b0a4a36b917da34dfd7
-
SHA256
23a9e3fe0e20da93ccf9b8208cc852c5199fc4dc2489276ef0adaefd6a1aa25a
-
SHA512
eaa36e3d73a56e25e8980828db19a0f5bca23664e0d4f652d5f7d11c0552f46142e468ba2df4c59225e93685dad3653c98fa011e7de726bd041626a43a8ac12b
-
SSDEEP
393216:AqPuYXJBft6k/m3pgDOEkSgsvLgf/3Jo:BPuYXJBf0kKlAzgfRo
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Properties/Resources.Designer.cs
-
Size
12KB
-
MD5
e7bbd3ec488fd9a129f346636fdb6816
-
SHA1
d481a7f1f0baea15eb14480ea31c965a598c8fdc
-
SHA256
a5348378d71c60545fe383b1fce151c6d8d6081b9c3bbedcc58ab8da5c45f6b7
-
SHA512
11f667bacbad2d3ea042a67d25b3e4c2f73ccd7d91bf4a1ce270036b71c32fd2965c260df78455540f66190795532e8dafc3b2dce8082b50dcb12fa31c936883
-
SSDEEP
384:agKx1K1HBhTHphgnGhg0RShguW0AEthgMKchgJ37:lDTHbOA/R8cEfTKmi7
Score
1/10
-
-
Target
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Properties/Resources.resx
-
Size
7KB
-
MD5
58467f11104425fb5a573c71dbd37b3b
-
SHA1
8319ab7aacb06d06162a66cfdf0b97376cfd68e3
-
SHA256
df4a76464b02f4f7ee34aca6ca710ea0e770e62126f0ba49df74d3a548ffedc6
-
SHA512
a345e33b7e87c06aedb143f6b80c145b408c32e5fdf472768c5c0ada0c63a7c6e70ce5f114ce973a1b53633ee6249981b20cef9411a45a84c81497a08ef4bed4
-
SSDEEP
192:Zf+tLPfYnLvFVOiFQaUD7Ug94E2Km2y+2hb2ZT2392WK2cU2jh2X92+:Zf+tLPQnLvDOiFQXD7Ug12H2h2x2R2NT
Score
1/10
-
-
Target
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/AesGcm.cs
-
Size
5KB
-
MD5
f2377a77efc93d8f72a0d26931a269c7
-
SHA1
664c5d78dda24851864326619eb80121c6c7e76c
-
SHA256
7469f986176f35936b67ef76eb7525cc4b970870a852777b5802c16b4d401ca9
-
SHA512
5f65eccf6b3d3736ce93f0b28ab0b9f9ba24144891458647f09738d196d2e04803b7294b345382ba62607617e8b3cd229270caa526425768ee18e990a55ec2dc
-
SSDEEP
96:JjMXclvkCl1IMF+lNlUgQldKlySSfd1FC4MJ4UabIL:h8CPIeyfUgIdmySUGn4UakL
-
-
-
Target
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Browser.cs
-
Size
7KB
-
MD5
c415b2031fabcbcb6a5007d988a14355
-
SHA1
7fcfd7b387fd08700ff9570e5ec10ead9488b649
-
SHA256
33f92b991af62d99299b95998fbec26b25fc2054f2572150c89fca594824758a
-
SHA512
9ed10b0768ddf90a2cae06eb4923e1f43659bfa39aa01f92b222809195f9e4df679b23201722238e3b1cee856d97fa150243238763e0f67b7ad1d25d3b22135d
-
SSDEEP
192:QA5fJUyUOzllsWbzpQv33V2vXqGHMvK6tGRO79yp+ggX6vL:VwOEWbzqH2XqfKFf+1O
Score
3/10
-
-
Target
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Common.cs
-
Size
2KB
-
MD5
be28593f99ed1c9d586ff11fe231692f
-
SHA1
18a95ea4f4aedf384fe885a856904d235216e021
-
SHA256
555ab4fbe718589fdfbd39007c7840bf50822fdaeb781a94e05a99c7784b0c4a
-
SHA512
7d3a8819f2ee4c2bc052730c080ba6df2c2684c0fb8caefe695254d0b14289b029cfdbdc5d48591b6a091b16dfe45720d833ecaf7f73ee066ae61dfd9a33b769
Score
3/10
-
-
Target
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Grabber.cs
-
Size
4KB
-
MD5
11e1326e7a72627aa57b2d0449ffcc75
-
SHA1
97ba9b8d6cebacf6de762d1052bab1a1d7a8bb07
-
SHA256
1b3efea0c78f1caada48c61c672dab02bed5d9326d5dee83220abe6ece1cf5cf
-
SHA512
5afab603fabf1227471e88d64daf3be66a82bb0bb48e11b68427ac04791ddabb2577b43403a5ee184638a4190a2a5a81b9512fed0f383d1cd0b15bb3fcc759b0
-
SSDEEP
96:Jj4Y26KV7VPR+7Gs591qaq8IyI2SCfK1zMu8Bywy8RVV+QjykQfgKhL:iFPv+7H591qaq8IyHSCcz1Cywy8RVV+F
Score
3/10
-
-
Target
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Machine.cs
-
Size
6KB
-
MD5
cd6356021fc591d6b5b3f9f8eae24415
-
SHA1
f620ed211d76caaa6fe8e82cf76f833a9994bd67
-
SHA256
53efd19d43814969acd579b6003273971baa31a25905eb536b50b0c9615c9018
-
SHA512
b6511d0c97473086e5b6c578d3130082d197b7bd8e2f82db33c97c2f01606b48d10ea4cbcfa7343d0b40d6602967c157ec14b675d9407a1e3e045b462865d660
-
SSDEEP
192:+khfoitAbWfWW2C9WFYCMCyvwXcxCTqUGup3X19L:Ar
Score
3/10
-
-
Target
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Program.cs
-
Size
9KB
-
MD5
f945d3beeb05d37ee2c723197b15a19e
-
SHA1
b64792711caca858a522317c01899f0ab55913f0
-
SHA256
c4d8efc12d3083a1367b396a1000f7ac978673e673d9d7db334836a3a469a5fa
-
SHA512
afd63758153c59e9ba06afad277623e46ebe77cdaa364b6a16c8c8d5ecd2a4fe27ecf9cc5d0fc4b0507e6a01f5c6bbf3ad388af2e1f7792040dc04b9e6071117
-
SSDEEP
192:iFPhRrA43Dt56B0WOGXSCHKXXOCNegUz++TwA8BYs6S6vSdfCPyY1KMQCjGEZ:ithRrAqD7GY0gUzcpBY1
Score
3/10
-
-
Target
Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Webhook.cs
-
Size
10KB
-
MD5
167312d0bd902f5d9511bb5b66cb225f
-
SHA1
66c4f63ca7e0332ba781d4b1650f36b0e811d085
-
SHA256
c6306d6bbfc3d62454f8d33cd5daf7e01f1938be38cc1c61eefa2f4f25e0ec8c
-
SHA512
a692f9f1e24423ca6787cf618a296d4805ed5ec02bb39754413d37b536032488b874d4999f10a3a8d524dce47e82091b73edc194f19394d04057f6018771c743
-
SSDEEP
192:iFPGQeyzXjwwIsl9DHk1qmVTJYUAB91LXT4OUr2yiBQbTsAJAZT6xV82+ItuKxAH:itGQfjwVk9DHk3NJYUAB91Lkn3YZ
Score
3/10
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Event Triggered Execution
1
Netsh Helper DLL
1
Privilege Escalation
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Event Triggered Execution
1
Netsh Helper DLL
1
Credential Access
Credentials from Password Stores
1
Credentials from Web Browsers
1
Unsecured Credentials
1
Credentials In Files
1