Analysis
-
max time kernel
140s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19-10-2024 21:42
General
-
Target
5ed037dc09a7e491d10abb6b145dcc4a_JaffaCakes118.exe
-
Size
41KB
-
MD5
5ed037dc09a7e491d10abb6b145dcc4a
-
SHA1
9612709b6ada303343ef70dfeff22c57c37b4f48
-
SHA256
50f9641d40ec65144962c2b3413008fb84206789392cca8dfd0fbfc67d3f8c9c
-
SHA512
643d37587ae35ae00505bd104bd87071f44e72f65a8cc16ef24c08ef5b1dca6c552c6959ce31448db9ee495d3669639c750fec6d2590ec71e3508ec489b8c7e8
-
SSDEEP
768:vscG4AZOA/gB1w9zuZ+e3WTjgKZKfgm3EhSf:EckJgBge3WTMF7Ekf
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/874250375874629673/S_RF-uZTHriSpuDv5nn-kEKcOozJiO939ph_60RHzZ4x1n2lxIGHKSD0NpZRTs9B5RhC
Signatures
-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
-
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Checks SCSI registry key(s) 3 TTPs 1 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5ed037dc09a7e491d10abb6b145dcc4a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ed037dc09a7e491d10abb6b145dcc4a_JaffaCakes118.exe"1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Maps connected drives based on registry
- Checks SCSI registry key(s)
- Enumerates system info in registry
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
64KB