mercurialgrabber | ae4a32903df0368de23e48a70ac06c6b8f048a242e4eccf183f25be765166a48 | Triage

Sharing

General

Target

PLigma32.rar
Size

138KB
Sample

241023-vwnp1s1gjd
MD5

262115caacd6bc77afeed8beff0c22a6
SHA1

b1548d03404840c5bbb531fa8c81c81f3c24c529
SHA256

ae4a32903df0368de23e48a70ac06c6b8f048a242e4eccf183f25be765166a48
SHA512

86fec468e87fb6e0d2d48f54b50b814050f87e56498e2e7673fd056a59b12ac365e25896f0b1749fc872cd38d65ae9edc91788dafce73fb975e1d289eea4cda9
SSDEEP

3072:3n7C25mwIvuE6Ka6WySccrHGsN7yGjB88F1mU71TyC/h1s5SZfCm0OX:3f+u4grHGsrt4QhJySMQX

Score

10^/10

mercurialgrabber spyware stealer

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1297265064231043205/XDHM7OLDiEUDyMSpEP52XAoWoKDKd3t7MNGzJiC2bpD_qwj3W3pzZgwHIT-aArktzD8U

Targets

- Target
  
  PLigma32/ProjectLigmaV2.0.0.exe
- Size
  
  217KB
- MD5
  
  6f01ea85513ed933da12cce31ccb9f3c
- SHA1
  
  ee7e8adbfd9563cf71b654834756e3117890dff6
- SHA256
  
  618dda19d824d906de30767c1332b45bd945e83a8dc34f32f74664cb7fba4948
- SHA512
  
  f440f4fe4c02447d4c292524fc67debb09faf01146408b77eb84833312e0ee3125c55b45cc23e3b0b6ca300de0c2fe31a809004767e9aed6e2c41c91187ccd4d
- SSDEEP
  
  3072:VrcRLkTCF7E0l3+fqZBI3Ib70yTuZxf3u4CTadMmO8YC+uxFNV9tf6T67NJr0N:eRj5m3IkyTAl3ut2dljB+uxr/t6OPY
Score

10^/10

mercurialgrabber spyware stealer
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberspywarestealer

behavioral2

mercurialgrabberspywarestealer