mercurialgrabber | 2815e46ccd7635b296686fc9a9b3691998cd9a274fe2a7a94c61c6699d9a5c50

Resubmissions

07-12-2024 01:36

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
07-12-2024 01:36

Target

output.exe
Size

42KB
MD5

6df2f04b617beb9cd0454f528fa5dba9
SHA1

85dbecd06ccfcc52a701cb541a21e5fe56932d7f
SHA256

2815e46ccd7635b296686fc9a9b3691998cd9a274fe2a7a94c61c6699d9a5c50
SHA512

5e2dc191773ed78a0c55d133a9c8fd056970b252d55a4f8c9c80df57447f67423e68db9bf4cc12087818231f4fb9effdbe58923c03ef58616c191fdb6f7ba672
SSDEEP

768:cLIBZ6aWPpDtsmuZ2L65TjlKZKfgm3EhYJ:j1WPPsOL65ThF7EuJ

Score

10^/10

Family

mercurialgrabber

https://discord.com/api/webhooks/1314767049267875882/NJaVPRXpYcNaXw4sYAd4msJ1JNHj6CEOspxK1vQ1Tfi33pJwKx_KRpnxTaxOkBxp5v3W

Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
stealer mercurialgrabber
Mercurialgrabber family
mercurialgrabber

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	ip4.seeip.org

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2600	output.exe

C:\Users\Admin\AppData\Local\Temp\output.exe
"C:\Users\Admin\AppData\Local\Temp\output.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2600

memory/2600-0-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

Filesize
4KB

Download
memory/2600-1-0x0000000000270000-0x0000000000280000-memory.dmp

Filesize
64KB

Download
memory/2600-2-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

Filesize
9.9MB

Download
memory/2600-3-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

Filesize
4KB

Download
memory/2600-4-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

Filesize
9.9MB

Download