mercurialgrabber | db434dc504c1bd8629cbece2f8eabbbb7a117afc1fe0122f17b0f05ee5475206

Analysis

max time kernel
3s
max time network
7s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 14:39

Target

dgfdgdfgd.exe
Size

42KB
MD5

36c90b68ab72ea83dc82c14bf6e9c2be
SHA1

77146308f17fd04154d4a8c8a01007dc9751ca24
SHA256

db434dc504c1bd8629cbece2f8eabbbb7a117afc1fe0122f17b0f05ee5475206
SHA512

8f827f1689690fe321ddc0830ec1314af1feef662f7184892ad36f9f94d9bdca749260787bf7682a2c6a19f6235d76868a44c372dc3970cb20ec280758fd2a93
SSDEEP

768:Mlf2YdxCGPQ7YBjuZULKyTjK+KZKfgm3EhGNvI:+xfBNLKyT++F7EQt

Score

10^/10

Family

mercurialgrabber

https://discord.com/api/webhooks/1279811717064298516/LM9QiJBoWZBrAcu-UtYHyKA5Pmpx3LQZ5AG3Hy0Wlj8vMTk-O_wqaHG4FPXD9lG_xxdb

Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
stealer mercurialgrabber

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	ip4.seeip.org

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2352	dgfdgdfgd.exe

C:\Users\Admin\AppData\Local\Temp\dgfdgdfgd.exe
"C:\Users\Admin\AppData\Local\Temp\dgfdgdfgd.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2352

memory/2352-0-0x000007FEF5443000-0x000007FEF5444000-memory.dmp

Filesize
4KB

Download
memory/2352-1-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/2352-2-0x000007FEF5440000-0x000007FEF5E2C000-memory.dmp

Filesize
9.9MB

Download