Overview

overview

10

Static

static

10

CSGO_Rebound.exe

windows7-x64

10

CSGO_Rebound.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CSGO_Rebound.exe

  • Size

    41KB

  • Sample

    240923-a9jb8s1fmb

  • MD5

    38f74fe64c455198c43d478400b202af

  • SHA1

    a82b7a81ce5aa1d6d12ccef6a927de9473e94898

  • SHA256

    d163fe9b92b1f6f44ec58bc05bcbc919f78f9e343d9691f0bb1b8162d3d0087c

  • SHA512

    2376716f957d2dfa56b63bd484ed90f82815064969a2c8cb0074bde931e467e99fd6f96f71732c194c24350e670d83aaafd317b6afe64e59af057bd89f20ec4d

  • SSDEEP

    768:PscaIyIq3PJOJTwf4uZSceKWTj5KZKfgm3Eh0T:kc16PQAoceKWT9F7E+T

Score
10/10
mercurialgrabbercredential_accessevasionspywarestealer

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1287576977489920101/qn6q-HR5nSw72La9tctjugcKDnTYkEdiUMCxvbCQZK9FPD7CNhkDCwvlhZUWz9oa6ach

Targets

    • Target

      CSGO_Rebound.exe

    • Size

      41KB

    • MD5

      38f74fe64c455198c43d478400b202af

    • SHA1

      a82b7a81ce5aa1d6d12ccef6a927de9473e94898

    • SHA256

      d163fe9b92b1f6f44ec58bc05bcbc919f78f9e343d9691f0bb1b8162d3d0087c

    • SHA512

      2376716f957d2dfa56b63bd484ed90f82815064969a2c8cb0074bde931e467e99fd6f96f71732c194c24350e670d83aaafd317b6afe64e59af057bd89f20ec4d

    • SSDEEP

      768:PscaIyIq3PJOJTwf4uZSceKWTj5KZKfgm3Eh0T:kc16PQAoceKWT9F7E+T

    Score
    10/10
    mercurialgrabberevasionspywarestealercredential_access

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

      stealermercurialgrabber

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks