mercurialgrabber | skeet[.]zip | Triage

Sharing

General

Target

skeet.zip
Size

18KB
MD5

b761a6640ebcd80a0f8b892fcb0070e1
SHA1

e2a56aa451e11e690b0fe5c3938c5410045e3a3f
SHA256

7dfc387d948bb06c3eb813c9975ec1a1dc852c8035a5422c7c4d6a9ddcf46614
SHA512

d866463ec22c83f4e02c9ee0d915e82fd3d87c615233d07306dbd24b6b04fcd389b94ccc7d221ece3226afe14c47a3c772e409699ed9ff9aab3f5b2b565eb886
SSDEEP

384:FW53hV1j5I8roE2Ixe4hYkGPwDcUAW0V60H4/f2cpZP/zDF:cTS8roE28NCw4Q0Q7DF

Score

10^/10

mercurialgrabber

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1337096942567555163/_OuVbk2ZGBIMjuPwPIIiqP2viOEm896TkaBwPFoXA86ZAlOqEm5VwC-5y_ndd9wVye4c

Signatures

Mercurialgrabber family
mercurialgrabber

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/skeet/skeet.exe

Files

skeet.zip
.zip
skeet/skeet.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skeet/Инструкция.txt