mercurialgrabber | ac91063a94cbb82730b45e88d6a61cb820c15bf50d966bfc15b703b60ee6a557 | Triage

Submit
Reports

Overview

overview

Static

static

Image Logger V2.exe

windows10-2004-x64

Sharing

General

Target

Image Logger V2.rar
Size

17KB
Sample

241225-g9jrbszqdj
MD5

3087f5eca8ca71b27e95daa6c3694c62
SHA1

3c4b5576c6a7a3deacf1b44d20f087014616f30b
SHA256

ac91063a94cbb82730b45e88d6a61cb820c15bf50d966bfc15b703b60ee6a557
SHA512

59609f0b40b71226091749372f67f2856c9000bc1f205919319a1a3b2be2de2ff05f420a37246580a4216d114c90154672ca3758ad0b003378b4227a308da38b
SSDEEP

384:tnm1WOfa+Ui3EAmlShLEqT61CUowe7vmmhFReLJg6ZnXeC9ECzEwZnoKJns8:o1WOS+TO8Aq0CUow+vmlu6ZnXeC9ECzP

Score

10^/10

mercurialgrabber discovery evasion spyware stealer

Static task

static1

mercurialgrabber

2 signatures

Behavioral task

behavioral1

Sample

Image Logger V2.exe

Resource

win10v2004-20241007-en

mercurialgrabber discovery evasion spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/983521351304372225/DJEv35iWOrLlYVLwOwdY5Z8J4lICdeMuYxEZwlCGzTWHXuG9MgkSttJsmO97R_cDe3nD

Targets

- Target
  
  Image Logger V2.exe
- Size
  
  41KB
- MD5
  
  e1d9a9e7ff84fa7ee690dacc4ea18cdb
- SHA1
  
  c6bca7690d964e279ef0261e424bfefbdb342208
- SHA256
  
  890eb759f46a42e6b2a9cc5740eb19ea37589a046b0e9e32c0ad0fdcf23c76c4
- SHA512
  
  ec4c2adafedd13fae600b5c51ebb2bdeb09f685b2dea21a27dcd50016faba2b75265ca77411c581eac5b781ada9c6c735da4fa37caa9b37d84a939e3d0520dba
- SSDEEP
  
  768:MscG4A6bYc+TSwIuZKeRWTjqKZKfgm3Ehsw:Dcl2TieRWT2F7EWw
Score

10^/10

mercurialgrabber discovery evasion spyware stealer
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Mercurialgrabber family
  mercurialgrabber
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberdiscoveryevasionspywarestealer

© 2018-2025

Terms | Privacy