Overview

overview

10

Static

static

3

Mercurial....03.rar

windows11-21h2-x64

1

Mercurial.exe

windows11-21h2-x64

10

readme.txt

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Mercurial.Grabber.v1.03.rar

  • Size

    2.9MB

  • Sample

    241122-el73xaznbl

  • MD5

    635903bad1ada856d701f34d3070ccd9

  • SHA1

    3ff98d91b9a3a47bf9f64bdf161efb9c5ac99fb0

  • SHA256

    3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6

  • SHA512

    fee2c64124c47bcb1251b7b87969a1ff493e24bc196633e3a301565b126f5ed2e2967d4d1426ff5d9be9466c852bacf405229308acf946368e00ca887a4ef015

  • SSDEEP

    49152:lYtbFd+FwSjhWaqv7yBSw9i4b1g8lDZxu0TR9TlqdqjxaNOH:qkwSVef4NDW8qEfH

Score
10/10
mercurialgrabberagilenetdefense_evasiondiscoveryspywarestealer

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1303785039175225366/CJszo9Zxqp6V6LgQ3CZrQZJNLFbjFTi5qvQvP-DCiySjJ_h9BO16dYrNkWeeAcF6eAf3

Targets

    • Target

      Mercurial.Grabber.v1.03.rar

    • Size

      2.9MB

    • MD5

      635903bad1ada856d701f34d3070ccd9

    • SHA1

      3ff98d91b9a3a47bf9f64bdf161efb9c5ac99fb0

    • SHA256

      3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6

    • SHA512

      fee2c64124c47bcb1251b7b87969a1ff493e24bc196633e3a301565b126f5ed2e2967d4d1426ff5d9be9466c852bacf405229308acf946368e00ca887a4ef015

    • SSDEEP

      49152:lYtbFd+FwSjhWaqv7yBSw9i4b1g8lDZxu0TR9TlqdqjxaNOH:qkwSVef4NDW8qEfH

    Score
    1/10
    behavioral1

    • Target

      Mercurial.exe

    • Size

      3.2MB

    • MD5

      a9477b3e21018b96fc5d2264d4016e65

    • SHA1

      493fa8da8bf89ea773aeb282215f78219a5401b7

    • SHA256

      890fd59af3370e2ce12e0d11916d1ad4ee9b9c267c434347dbed11e9572e8645

    • SHA512

      66529a656865400fe37d40ae125a1d057f8be5aa17da80d367ebbe1a9dcea38f5174870d0dc5b56771f6ca5a13e2fad22d803f5357f3ef59a46e3bdf0cc5ee9c

    • SSDEEP

      98304:5kjozJ9/im8XVBKl6t1buVfRhq+5tXzgCa/T:lzJpjS346t1bIfuq07

    Score
    10/10
    mercurialgrabberagilenetdefense_evasiondiscoveryspywarestealer

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

      stealermercurialgrabber

    • Mercurialgrabber family

      mercurialgrabber

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral2

    • Target

      readme.txt

    • Size

      64B

    • MD5

      77976ab4f7b14569dd64f212ce6ee64e

    • SHA1

      f442ef7a74ac6922628bc8ba03ea08e62f83253e

    • SHA256

      044b863e9895e669d45d97d44a4f80f2b9ac5f941635ef3c1e9f39ad12747ecf

    • SHA512

      52d4b884b2462449576fe9dac654de500985b53d0262472d88a1bc659b3a5ffe0ed5f0581c50ef006c3b3d7dbf816a80d21e6b6f4c03b595bb108a4360a60723

    Score
    3/10
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks