General
-
Target
Boosttrapper.exe
-
Size
41KB
-
Sample
240910-yy98ksvamg
-
MD5
6dbeca583b9076080c5906a8390b682f
-
SHA1
2e065578d2014163123a9385127b8089130d5d9b
-
SHA256
c85e0123fb0b3d29aae8881413fde27cb7054640e96f8d8340c41df731bcd7e0
-
SHA512
77e1422802a153a155451796adaf307a5d04496e497ab697d66e030ab2a2b73d956c8fad0a48295230c55922d28eec3375e990bd44f30e8c8a2cc4d3a7416a38
-
SSDEEP
768:uscaIiIq3KHWOJTw3duZSeiWTjHKZKfgm3EhuS:dc1KKHHoXeiWTLF7EcS
Behavioral task
behavioral1
Sample
Boosttrapper.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Boosttrapper.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/1283148683948458076/nwSWn_1EUZ_xJZvUQAdPKe2Ale9RGmJpW5fCqCBqQQxxiGuweCIzhQUdNMd16Z7sffgt
Targets
-
-
Target
Boosttrapper.exe
-
Size
41KB
-
MD5
6dbeca583b9076080c5906a8390b682f
-
SHA1
2e065578d2014163123a9385127b8089130d5d9b
-
SHA256
c85e0123fb0b3d29aae8881413fde27cb7054640e96f8d8340c41df731bcd7e0
-
SHA512
77e1422802a153a155451796adaf307a5d04496e497ab697d66e030ab2a2b73d956c8fad0a48295230c55922d28eec3375e990bd44f30e8c8a2cc4d3a7416a38
-
SSDEEP
768:uscaIiIq3KHWOJTw3duZSeiWTjHKZKfgm3EhuS:dc1KKHHoXeiWTLF7EcS
-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1