mercurialgrabber | 4475f0f0fb251027fab5c3b02a72d7a7d030ba08892e5ad3be18bfb7674b609a

General

Target

juangameplaysElJuego.exe
Size

520KB
Sample

241026-z1b91axldw
MD5

6dbf6db459134db2891675f7973ccde5
SHA1

e1092f1c38646b911a1e269d575699d0e2dde9b3
SHA256

4475f0f0fb251027fab5c3b02a72d7a7d030ba08892e5ad3be18bfb7674b609a
SHA512

1ac4cb14c109e93c80744ad6ad7792c6ab86412e0432b140a5faf92e0d9adc101d5ee2285b82a12e844e67bdd4d59e36879a26204d8b20989c26c02c945bc648
SSDEEP

6144:AAx92L79F3QYwB78xkstZMmsvTFwY97x7SykrnIPh7hw8ZPGBPk9krThFWC:AAx92bLwB8qsmvTBNDkrnwzFJomUThc

Score

10^/10

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1294943124694630481/Vc7t1zcSQrJS099-W4Z8zg6xnPq7IAfeqBkgXXwY4JGCvfxDkvKRbJSNQw9hwsU-FnNW

Targets

- Target
  
  juangameplaysElJuego.exe
- Size
  
  520KB
- MD5
  
  6dbf6db459134db2891675f7973ccde5
- SHA1
  
  e1092f1c38646b911a1e269d575699d0e2dde9b3
- SHA256
  
  4475f0f0fb251027fab5c3b02a72d7a7d030ba08892e5ad3be18bfb7674b609a
- SHA512
  
  1ac4cb14c109e93c80744ad6ad7792c6ab86412e0432b140a5faf92e0d9adc101d5ee2285b82a12e844e67bdd4d59e36879a26204d8b20989c26c02c945bc648
- SSDEEP
  
  6144:AAx92L79F3QYwB78xkstZMmsvTFwY97x7SykrnIPh7hw8ZPGBPk9krThFWC:AAx92bLwB8qsmvTBNDkrnwzFJomUThc
Score

10^/10

mercurialgrabber evasion spyware stealer
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Mercurialgrabber family
  mercurialgrabber
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2