Overview

overview

10

Static

static

10

Executor.zip

windows7-x64

1

Executor.zip

windows10-2004-x64

1

Executor.exe

windows7-x64

10

Executor.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Executor.zip

  • Size

    18KB

  • Sample

    240910-x7g3qasdke

  • MD5

    7bf969fbab5e640eef3966724203975e

  • SHA1

    0ffe09af1635c46cccb6966631be47b37fbbdf6e

  • SHA256

    99d2e3c0ec9e8192f966ad052c8ba89826f36eab367027021498ac9dcb315f2e

  • SHA512

    c17054677218852998b101db916d5d6d01da554331e746fa7293b5de3c87059137983f57469fd8a7f590e45b39e9b44f8a8b16b3196aded01a82655d46040a1e

  • SSDEEP

    384:0+9A2hqpk/YsZ2516OGmxOYi8OJ8x/pVFjNg2Nl8UuMXrjxQfYQdfy8:Z9FezD6tKOYi8OJcxVFjN9NKUrzQR

Score
10/10
mercurialgrabbercredential_accessevasionspywarestealer

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1283129065590489211/dEU2uHt9OcimjvWOVka-qrppiq2WKyMjW0QOJzCKDx9yJv76ewzma8jOcUZOGqbMoepy

Targets

    • Target

      Executor.zip

    • Size

      18KB

    • MD5

      7bf969fbab5e640eef3966724203975e

    • SHA1

      0ffe09af1635c46cccb6966631be47b37fbbdf6e

    • SHA256

      99d2e3c0ec9e8192f966ad052c8ba89826f36eab367027021498ac9dcb315f2e

    • SHA512

      c17054677218852998b101db916d5d6d01da554331e746fa7293b5de3c87059137983f57469fd8a7f590e45b39e9b44f8a8b16b3196aded01a82655d46040a1e

    • SSDEEP

      384:0+9A2hqpk/YsZ2516OGmxOYi8OJ8x/pVFjNg2Nl8UuMXrjxQfYQdfy8:Z9FezD6tKOYi8OJcxVFjN9NKUrzQR

    Score
    1/10
    behavioral1behavioral2

    • Target

      Executor.exe

    • Size

      41KB

    • MD5

      82a090b7bd4ba38852f6945bb73d4604

    • SHA1

      f13d74c1acc8c595d49088f98652f09ae563b227

    • SHA256

      d51cc213190d73d035e5a51b928ec1563b95a8cbe0fee8cd5f736365cf91865b

    • SHA512

      03f63c734b515dd1d960904fa87350d1b95d2848b6603ef365c6a2eb599a0b90ed39c7d5ea02c8ed4138a420be8f6a0805cee252a0cf2e12023b5aabcf2ba963

    • SSDEEP

      768:iscaIyI97QT+xBcw7uZse8WTjjKZKfgm3EhwF:xc1zQTIe8WT/F7EOF

    Score
    10/10
    mercurialgrabberevasionspywarestealercredential_access

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

      stealermercurialgrabber

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks