General
-
Target
winexp.exe
-
Size
41KB
-
MD5
4bf891cfc08eec97612d5b8746415751
-
SHA1
00420781edbf19e98678690c9aff8f9502b9c28f
-
SHA256
89071a9ed3ae34cea82b6f3269a14f60e48f31a6d843b1c21930316e8224e588
-
SHA512
bf535ee7b8e25a6e76cbfd0bde876fc9f06206a46c4c34d849a65b9637b5c7600d0da5e8c2e84dbb19b3b6503644008a60cc286e1f6bf19647124f586e5b8f8e
-
SSDEEP
768:rscaIyIqfT6axpDXswEuZseoWTjLMKZKfgm3EhQD:wc1YfnxkeoWTsF7EaD
Score
10/10
Malware Config
Extracted
Family
mercurialgrabber
C2
https://discord.com/api/webhooks/1285311347256725576/tyLCCzi8G5LtuHGxSFah1PosAjhMWDRh0iSyBBhaaIKMcb4pzn4VxCQzgH3ih1nyaS4X
Signatures
-
Mercurialgrabber family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
winexp.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections