mercurialgrabber | e6ac8a6dac77f9873024f50befb293b9cf6347aa2e093cd863b551d9c8da5f8d | Triage

Submit
Reports

Overview

overview

Static

static

output.exe

windows10-2004-x64

Sharing

General

Target

output.exe
Size

41KB
Sample

241122-bb8d5s1kez
MD5

a0e598ec98a975405420be1aadaa3c2a
SHA1

d861788839cfb78b5203686334c1104165ea0937
SHA256

e6ac8a6dac77f9873024f50befb293b9cf6347aa2e093cd863b551d9c8da5f8d
SHA512

e5ee500a8dcddd72e727cfa24e51093cd2b088f7ef89089f1d24145baa41c1ac46bf6be73bfd8cb15e2549349da8c2547d4e391b6e3a456621524fe0f83f9585
SSDEEP

768:DscWsQjfT6aGpDXswguZkeAWTjVKZKfgm3Ehq1:Yc8fnGEeAWTJF7E41

Score

10^/10

mercurialgrabber discovery evasion spyware stealer

Static task

static1

mercurialgrabber

2 signatures

Behavioral task

behavioral1

Sample

output.exe

Resource

win10v2004-20241007-en

mercurialgrabber discovery evasion spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discordapp.com/api/webhooks/1308883657456619530/0_Ad9EyrLZrIMKH4vjM6XHyvCJJtKddsiohDSyvCWZ8HIxpyNxmVJgrKb_zO-jqSHSO0

Targets

- Target
  
  output.exe
- Size
  
  41KB
- MD5
  
  a0e598ec98a975405420be1aadaa3c2a
- SHA1
  
  d861788839cfb78b5203686334c1104165ea0937
- SHA256
  
  e6ac8a6dac77f9873024f50befb293b9cf6347aa2e093cd863b551d9c8da5f8d
- SHA512
  
  e5ee500a8dcddd72e727cfa24e51093cd2b088f7ef89089f1d24145baa41c1ac46bf6be73bfd8cb15e2549349da8c2547d4e391b6e3a456621524fe0f83f9585
- SSDEEP
  
  768:DscWsQjfT6aGpDXswguZkeAWTjVKZKfgm3Ehq1:Yc8fnGEeAWTJF7E41
Score

10^/10

mercurialgrabber discovery evasion spyware stealer
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Mercurialgrabber family
  mercurialgrabber
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberdiscoveryevasionspywarestealer

© 2018-2024

Terms | Privacy