General
Target: skeet.zip
Size: 18KB
Sample: 250207-nw8xma1jbn
MD5: b761a6640ebcd80a0f8b892fcb0070e1
SHA1: e2a56aa451e11e690b0fe5c3938c5410045e3a3f
SHA256: 7dfc387d948bb06c3eb813c9975ec1a1dc852c8035a5422c7c4d6a9ddcf46614
SHA512: d866463ec22c83f4e02c9ee0d915e82fd3d87c615233d07306dbd24b6b04fcd389b94ccc7d221ece3226afe14c47a3c772e409699ed9ff9aab3f5b2b565eb886
SSDEEP: 384:FW53hV1j5I8roE2Ixe4hYkGPwDcUAW0V60H4/f2cpZP/zDF:cTS8roE28NCw4Q0Q7DF
Behavioral task: behavioral1
Sample: skeet/skeet.exe
Resource: win10ltsc2021-20250207-en

Malware Config
Extracted family: mercurialgrabber
C2 (Discord webhook): https://discord.com/api/webhooks/1337096942567555163/_OuVbk2ZGBIMjuPwPIIiqP2viOEm896TkaBwPFoXA86ZAlOqEm5VwC-5y_ndd9wVye4c
Targets
Target: skeet/skeet.exe
Size: 41KB
MD5: da76f361f0e88dbb3b4a17de18a05681
SHA1: 9f3e38b99620a8381fc3a262f0f49a88ffee3dbf
SHA256: 8ec7c1dd4c94af0de4d6e04f237dc501d9e2a23f55835ad33b480583f0053603
SHA512: ddc6b4204def36c64b3e5d1e378437ec553305d9fdf3f2891ef1c02c23de257d8774a6a07d7df4f6d0bd55acdd8687d4b51c3257b508f09da9384449736e9144
SSDEEP: 768:+scaIiIEaL/gB1w1guZBeyWTjh0KZKfgm3Ehto:Nc1yargB0eyWT90F7Ero
Score: 10/10

Signatures
Mercurial Grabber Stealer: Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
Mercurialgrabber family
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: Credentials from Web Browsers (1)
Unsecured Credentials: Credentials In Files (1)