General
-
Target
output.exe
-
Size
41KB
-
Sample
240805-rqvdtsydjp
-
MD5
7d65249804f8c4475ac8a5b3ba75410d
-
SHA1
9a8ae77352022bf3b624fbaa12f5e119efff18a0
-
SHA256
2e1aaca7fe166e5b90e216a0f60166e1f50bf62a852facb3e553629180435c76
-
SHA512
ed9f3798c1bdb3f980a20ed064b0f79957ce0ccb21d770ef1ef2483bbf45fe15972e9af0c966980c53c4d4f1c10f8cadcaa452ba26b501aa364c1bcdf8977c0b
-
SSDEEP
768:UscoSf3GMXfT6axpDXswguZkeQWTjxKZKfgm3EhFq:7coSfnxEeQWTlF7EHq
Malware Config
Targets
-
-
Target
output.exe
-
Size
41KB
-
MD5
7d65249804f8c4475ac8a5b3ba75410d
-
SHA1
9a8ae77352022bf3b624fbaa12f5e119efff18a0
-
SHA256
2e1aaca7fe166e5b90e216a0f60166e1f50bf62a852facb3e553629180435c76
-
SHA512
ed9f3798c1bdb3f980a20ed064b0f79957ce0ccb21d770ef1ef2483bbf45fe15972e9af0c966980c53c4d4f1c10f8cadcaa452ba26b501aa364c1bcdf8977c0b
-
SSDEEP
768:UscoSf3GMXfT6axpDXswguZkeQWTjxKZKfgm3EhFq:7coSfnxEeQWTlF7EHq
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1