General
-
Target
JaffaCakes118_533cf2fce7d99d880e645cc20d927116365eb564
-
Size
17KB
-
Sample
241221-xfrg3swnas
-
MD5
edf6b70160d9a7ca0d7f98f4a9b0f6f5
-
SHA1
533cf2fce7d99d880e645cc20d927116365eb564
-
SHA256
4888d173e7fbcb3920d7047d158398c13086b365f8473d806d653789be1d80a7
-
SHA512
47e61587ac45dca9342fd95686847cd6cdfc7254ea7d47f9e9103ec27b44ca2ef9a896b22f4c7965b3dfebb0e637487be2efae7e53c047ecf3270267ea73faf8
-
SSDEEP
384:hQjnMNT2s2KjaNW0h+8N2CXhnesj/XHgFOBUStM9slTMydS0Kev:q+TF2hW0hwsj/AGtMEcS
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/923874147728232458/ueZK-9vm2atbN4nLZvFSJ_3VaYZFPq7L_XiQMdjB3tIhhJ_eVMiFWiUWekiUfzH_ypmU
Targets
-
-
Target
IMAGE.bin
-
Size
41KB
-
MD5
8cfef23d86d26c7b019c2f509a93bf44
-
SHA1
2464118ba0504ef13b6b2ec9967c0137037af706
-
SHA256
2f08220ac7f1fc004f4df859c0c382258cccd17c3df6365acf6a94c89c48368a
-
SHA512
3b8b1ee1009bbe5c19cb39fe1233fb27a47cbed54ffbf152d775f65f92ccf279759fba65487d27edca75adc95c6e5feda4841713cb85ee0514775063807ef977
-
SSDEEP
768:iscGoAZyCH/gB1wdPuZOeJWTjJKZKfgm3Ehy1:xckTgBseJWT1F7Ew1
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Mercurialgrabber family
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1