mercurialgrabber | 371edb664c31555dac5e695b0f7286115dd94b380c188948bde2f167f030a7d3

Sharing

Copy URL

Twitter E-mail

General

Target

Mercurial.Grabber.v1.03.rar
Size

94KB
Sample

241119-njtxyavnes
MD5

0ec5027161e49223bfbfe40321592511
SHA1

1ba9f950d283058f0b41b0ece5f3becff811fd9c
SHA256

371edb664c31555dac5e695b0f7286115dd94b380c188948bde2f167f030a7d3
SHA512

809b69857661727a2f26cb4c0921e29e012ebbc998b3fe7cc1b6b24d973b51b15cdcb512f38cf37ae220ff346ced85056fedac786db36707c59fea952953133e
SSDEEP

1536:fKsbf1SvOpAtcQZrlImqPqEvSGkbJ4pBJXK/YnNnJbbeygbZuJi:ysjIvJcQZDaqjbuPJXK/cJbbyIi

Score

10^/10

Malware Config

Extracted

Family

mercurialgrabber

https://ptb.discord.com/api/webhooks/895223301373300776/4LFPS81olSXc9Stl05N1nV_de5bp6BZLZwfYl5WydodJ9w8AtEOpBRJrAJDKDvxbtGHz

Targets

- Target
  
  Mercurial Grabber.v1.03/Mercurial.exe
- Size
  
  146KB
- MD5
  
  0bf1054dd4f0ad45f4d5426996dc65bf
- SHA1
  
  64b5fa861128640392dd69a8d224bb467ef68545
- SHA256
  
  56550fecb5b916eac9280f2e20b0a6ea06041e18f88fb39531df029080bdbc7b
- SHA512
  
  d6145e94762ff963ec83f716166c63f8d0e692f3f02ae94732b142c5b177826608906933b1490b0558a381702c7c4eb9877b27583f9cd3e5d294a2df0e66e62e
- SSDEEP
  
  768:vscWcQ20/ave0QSwJuZheVWTj9KZKfgm3Eh2x2egFH4MkaL5PEs:Ec9eVWTBF7E8xUH4QL5cs
Score

10^/10

mercurialgrabber evasion stealer spyware
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Mercurialgrabber family
  mercurialgrabber
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2
- Target
  
  Mercurial Grabber.v1.03/Mercurial/App.config
- Size
  
  184B
- MD5
  
  cc46a0995713ba7cb577b4bbbedf83e8
- SHA1
  
  6cc50a0e444e33f65d42423195ed045a3a55daf8
- SHA256
  
  5fe1ad802f68d7c47dbbd8e60162ba88abaed162da5d381c85d3e4935311962e
- SHA512
  
  36f5b3acbc520504cfe56e5fe19de2a22ae3d2ddddb4c0eb3e441f884033077fb411e69976c3e250c3ef01189d0e48016bde67a73a0dbc950dd5d8ec7783fd2a
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Mercurial Grabber.v1.03/Mercurial/FodyWeavers.xml
- Size
  
  139B
- MD5
  
  d43cae162166535ffb77fe23ba9939b3
- SHA1
  
  a90ee3518fcb92bc6fdf16a699b141f22b9b7946
- SHA256
  
  4448546786231d0d396a9987bc8776509a7a6f6fd755fc68ce63bed29ca8ee33
- SHA512
  
  30c836160cb51cb162391cc8172e620564d8529bbf618c930a0de4b037f977f03a9a3950cc3546194c5d452435aeb2fcbc416a8c5206b05710c1b11168d51e2a
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Mercurial Grabber.v1.03/Mercurial/Form1.Designer.cs
- Size
  
  202KB
- MD5
  
  b2764313a63b490b214eb1483ae7a718
- SHA1
  
  d76116495cf308421cda8e2f513eb42d8c86929c
- SHA256
  
  d45b464533291a92791f6d60d6cf35186c35a0dbfda941bfbd4348ef7c0a5db3
- SHA512
  
  03c7237e8a1c72f3882f88d7919e224779a37387ca4a2f59e8670817facddd0be3489ed9b5f7f113365bfcc683fec940438130913db458c52ddcaeec6c5ba91b
- SSDEEP
  
  768:7D4yTHd2l2LdNw5U1QfPvPKCtAzfiDNTYZKc5G5li6dhl/J57ABrEYL5U1JXCPMs:PHsDvPOZKc5G5li6HpUA5m
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Mercurial Grabber.v1.03/Mercurial/Form1.cs
- Size
  
  9KB
- MD5
  
  a776aaf437426b2c4631aaf1c26bfc76
- SHA1
  
  e55644617aa34e3071a366d4a6c3fa128f0b1806
- SHA256
  
  612e9c01c5e7dcce6c6d860f49c46f400c76b89f078fe3dcb36f780f2d44358f
- SHA512
  
  8097e9eec97aa39ae65cd053c62cdffd4adf6530fa67b7b1ef760a8adbfa3e28b310a420383e82c3196e8e28e6334b972db420c05b04d8a8028398a5696d7c59
- SSDEEP
  
  192:iaAKw6o2nSirMiapRX3zaZHC+wUoEmolcoyASoaXoPMo1toFAohQom7oKfoQ9u6J:iaA+YaZHnM3E
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  Mercurial Grabber.v1.03/Mercurial/Form1.resx
- Size
  
  169KB
- MD5
  
  64ad5539d2edb706f43169b6cdd2895c
- SHA1
  
  4eddf96ebc06b4c2011ff4f72e92416ff1029e70
- SHA256
  
  7f584bf76b4436fe50a220cd9be7bd4627431bad11054981e83e85362005835d
- SHA512
  
  ed2e9474b53ba2689d89ccd4658dcd36e20f0f40c5f434bd00de5a7f33258159de7b7ebad3191daf0ba4d33d70cca2f58058101ba7df88f120bb21d175f9b41c
- SSDEEP
  
  1536:ZfIiWSKOQ1QGQ9Q5eDT/J4HPPtVptF5oDR:ZfIKKOOj44eDT/J4HPXD3oDR
Score

1^/10
behavioral11 behavioral12
- Target
  
  Mercurial Grabber.v1.03/Mercurial/Mercurial.csproj
- Size
  
  5KB
- MD5
  
  de7d4c49d781d44a582026f6feb2ae1f
- SHA1
  
  8c53317ad81d85118e51acb538b7eb94be959fff
- SHA256
  
  0e8746fecdd23b2539b1de4d2f517788339c44f0c63ba443114251ab9524323a
- SHA512
  
  a02267d3acfbd3c3c2974f7b4e27b495dcb3382f0d7aeebab8e1ef783aeeed214cef2182aa452b43edfd55c61ff4228638b7aaa0e15ff661ddfde749b44d0728
- SSDEEP
  
  48:3kYLVVnVVqjNJpxUCQnD0gaeczbjae4aJgHye4aJDtpP4TDJ4aDtDi/0X1jhaETb:UYhT0npqCgD8ecBa9zTSjuHiWC11z7
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Mercurial Grabber.v1.03/Mercurial/Program.cs
- Size
  
  510B
- MD5
  
  d8692b1ad102280d59843e358fdcc9fa
- SHA1
  
  4d5b44762c74ceff17323f8acd553f6af527fe79
- SHA256
  
  f5b656e5ecc1cf14bcc9fcac75dc48ed0b8a04f6a2e47d088eedcd6249ff1913
- SHA512
  
  df09655bdbe6610fd99cdc02bfdee44b46e1dc72aca245d2685e32935787da23d6ff34058161f74f059080641e5cdcd6e6f83c847f2f168ed7a9a2f725d026e2
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Mercurial Grabber.v1.03/Mercurial/Properties/AssemblyInfo.cs
- Size
  
  1KB
- MD5
  
  fb7ccd55507280955c49b08ddca93c00
- SHA1
  
  63429dde3af5b717e4e68726cdd28a487fffc658
- SHA256
  
  d72eb8ed23ce6deed0a189d5ba53e1788ea29bc8d09c0898784572530b6d3d42
- SHA512
  
  403c46451c9338aff5129a121ba78d5bd264bef9ccde86f75a8d3945111cb3aad4dc5bbcc74e1f517806da9faa8414fbd8fea9bf26545915757e94b1503e17b5
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Mercurial Grabber.v1.03/Mercurial/Properties/Resources.Designer.cs
- Size
  
  12KB
- MD5
  
  e7bbd3ec488fd9a129f346636fdb6816
- SHA1
  
  d481a7f1f0baea15eb14480ea31c965a598c8fdc
- SHA256
  
  a5348378d71c60545fe383b1fce151c6d8d6081b9c3bbedcc58ab8da5c45f6b7
- SHA512
  
  11f667bacbad2d3ea042a67d25b3e4c2f73ccd7d91bf4a1ce270036b71c32fd2965c260df78455540f66190795532e8dafc3b2dce8082b50dcb12fa31c936883
- SSDEEP
  
  384:agKx1K1HBhTHphgnGhg0RShguW0AEthgMKchgJ37:lDTHbOA/R8cEfTKmi7
Score

1^/10
behavioral19 behavioral20
- Target
  
  Mercurial Grabber.v1.03/Mercurial/Properties/Resources.resx
- Size
  
  7KB
- MD5
  
  58467f11104425fb5a573c71dbd37b3b
- SHA1
  
  8319ab7aacb06d06162a66cfdf0b97376cfd68e3
- SHA256
  
  df4a76464b02f4f7ee34aca6ca710ea0e770e62126f0ba49df74d3a548ffedc6
- SHA512
  
  a345e33b7e87c06aedb143f6b80c145b408c32e5fdf472768c5c0ada0c63a7c6e70ce5f114ce973a1b53633ee6249981b20cef9411a45a84c81497a08ef4bed4
- SSDEEP
  
  192:Zf+tLPfYnLvFVOiFQaUD7Ug94E2Km2y+2hb2ZT2392WK2cU2jh2X92+:Zf+tLPQnLvDOiFQXD7Ug12H2h2x2R2NT
Score

1^/10
behavioral21 behavioral22
- Target
  
  Mercurial Grabber.v1.03/Mercurial/Properties/Settings.Designer.cs
- Size
  
  1KB
- MD5
  
  849a2a87e6d7c14ffcf27c7b89c1a644
- SHA1
  
  9252aa0ea9fae2806d70f9b5d1770cb82ece5dbf
- SHA256
  
  9bca1f94e727e3c5137743246d4db53c32844bbf48f19ccc4a35baa5dea2dafd
- SHA512
  
  6b6b0c35ffdbf17a5722ffa9e9e35cf8dd84254725c1fe5b3e7f196100a38a71f23fb1668e9b336afa8de4b0c6c5116687d5fe8e76520587837cc1e9bbf59770
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Mercurial Grabber.v1.03/Mercurial/Properties/Settings.settings
- Size
  
  242B
- MD5
  
  29a2bb6bd6f85ff04804c473e895de92
- SHA1
  
  48d8aedc9ac54affd627fd9737a0af3ba713f6e4
- SHA256
  
  baba99193fc1787141063b135424b476ff4151beb833883fcb594631f17c0147
- SHA512
  
  e2126226fde15a2cbf850824ae9bd2a04910aed905d3f6df366c629890f4ce07404c9fcf30bd41c61c73fb589ff254b8ab328bbddced7640e734098e542bdce2
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Mercurial Grabber.v1.03/Mercurial/Properties/licenses.licx
- Size
  
  2KB
- MD5
  
  33df0158d3451924487ed60ccdc1cb1d
- SHA1
  
  dcd8df0ca945e9440357e1f644d52852934d25e7
- SHA256
  
  6a8590909f2013c8a280d1d34b0cce53e4abf868cb85374bb16bf5d0c14f8a04
- SHA512
  
  8a302792a7ef3249f01223286dedc5a47250b63a5d826410964932c79e9a25856ac55baa62b0af37bfa0cba38bd95977e557ebbe970002c58c824309f428ef45
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Mercurial Grabber.v1.03/Mercurial/Resources/AesGcm.cs
- Size
  
  5KB
- MD5
  
  f2377a77efc93d8f72a0d26931a269c7
- SHA1
  
  664c5d78dda24851864326619eb80121c6c7e76c
- SHA256
  
  7469f986176f35936b67ef76eb7525cc4b970870a852777b5802c16b4d401ca9
- SHA512
  
  5f65eccf6b3d3736ce93f0b28ab0b9f9ba24144891458647f09738d196d2e04803b7294b345382ba62607617e8b3cd229270caa526425768ee18e990a55ec2dc
- SSDEEP
  
  96:JjMXclvkCl1IMF+lNlUgQldKlySSfd1FC4MJ4UabIL:h8CPIeyfUgIdmySUGn4UakL
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Mercurial Grabber.v1.03/Mercurial/Resources/Browser.cs
- Size
  
  7KB
- MD5
  
  c415b2031fabcbcb6a5007d988a14355
- SHA1
  
  7fcfd7b387fd08700ff9570e5ec10ead9488b649
- SHA256
  
  33f92b991af62d99299b95998fbec26b25fc2054f2572150c89fca594824758a
- SHA512
  
  9ed10b0768ddf90a2cae06eb4923e1f43659bfa39aa01f92b222809195f9e4df679b23201722238e3b1cee856d97fa150243238763e0f67b7ad1d25d3b22135d
- SSDEEP
  
  192:QA5fJUyUOzllsWbzpQv33V2vXqGHMvK6tGRO79yp+ggX6vL:VwOEWbzqH2XqfKFf+1O
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Mercurial Grabber Stealer

Mercurialgrabber family

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry

Reads user/profile data of web browsers

Looks up external IP address via web service

Maps connected drives based on registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32