General
-
Target
5ed037dc09a7e491d10abb6b145dcc4a_JaffaCakes118
-
Size
41KB
-
Sample
241019-1kfsxssfmj
-
MD5
5ed037dc09a7e491d10abb6b145dcc4a
-
SHA1
9612709b6ada303343ef70dfeff22c57c37b4f48
-
SHA256
50f9641d40ec65144962c2b3413008fb84206789392cca8dfd0fbfc67d3f8c9c
-
SHA512
643d37587ae35ae00505bd104bd87071f44e72f65a8cc16ef24c08ef5b1dca6c552c6959ce31448db9ee495d3669639c750fec6d2590ec71e3508ec489b8c7e8
-
SSDEEP
768:vscG4AZOA/gB1w9zuZ+e3WTjgKZKfgm3EhSf:EckJgBge3WTMF7Ekf
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/874250375874629673/S_RF-uZTHriSpuDv5nn-kEKcOozJiO939ph_60RHzZ4x1n2lxIGHKSD0NpZRTs9B5RhC
Targets
-
-
Target
5ed037dc09a7e491d10abb6b145dcc4a_JaffaCakes118
-
Size
41KB
-
MD5
5ed037dc09a7e491d10abb6b145dcc4a
-
SHA1
9612709b6ada303343ef70dfeff22c57c37b4f48
-
SHA256
50f9641d40ec65144962c2b3413008fb84206789392cca8dfd0fbfc67d3f8c9c
-
SHA512
643d37587ae35ae00505bd104bd87071f44e72f65a8cc16ef24c08ef5b1dca6c552c6959ce31448db9ee495d3669639c750fec6d2590ec71e3508ec489b8c7e8
-
SSDEEP
768:vscG4AZOA/gB1w9zuZ+e3WTjgKZKfgm3EhSf:EckJgBge3WTMF7Ekf
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1