blankgrabber | 0f9a723b42319e0b131ea7c1dda2907e7766937cc296840621be757d1be83532 | Triage

Submit
Reports

Overview

overview

Static

static

Mercurial.exe

windows7-x64

7

Mercurial.exe

windows10-2004-x64

8

Sharing

General

Target

Mercurial.exe
Size

9.8MB
Sample

250207-v83pps1qeq
MD5

3bf880794834e8bcbbbf9060734acfd8
SHA1

52339a5a36704004d492f5216e79a0568c90199d
SHA256

0f9a723b42319e0b131ea7c1dda2907e7766937cc296840621be757d1be83532
SHA512

9f782e3b383243ee26fd9eac9981f84a96f9820705b691c13f74e4a0c18cd06744618486988489113ae2da25df65dae590035dbcc2f85b43797432c9b6ff4cb5
SSDEEP

196608:fsOOjmFQR4MVGFtwKPmF9mhAqaeGq8PHiFRV104:kKtM5KPm7mCeb8PHma4

Score

10^/10

blankgrabber agilenet discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Mercurial.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Mercurial.exe

Resource

win10v2004-20250207-en

agilenet discovery execution upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  Mercurial.exe
- Size
  
  9.8MB
- MD5
  
  3bf880794834e8bcbbbf9060734acfd8
- SHA1
  
  52339a5a36704004d492f5216e79a0568c90199d
- SHA256
  
  0f9a723b42319e0b131ea7c1dda2907e7766937cc296840621be757d1be83532
- SHA512
  
  9f782e3b383243ee26fd9eac9981f84a96f9820705b691c13f74e4a0c18cd06744618486988489113ae2da25df65dae590035dbcc2f85b43797432c9b6ff4cb5
- SSDEEP
  
  196608:fsOOjmFQR4MVGFtwKPmF9mhAqaeGq8PHiFRV104:kKtM5KPm7mCeb8PHma4
Score

8^/10

upx agilenet discovery execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

agilenetdiscoveryexecutionupx

© 2018-2025

Terms | Privacy