General

  • Target

    RGF-main.zip

  • Size

    54KB

  • Sample

    250214-qazsyawrhn

  • MD5

    7bcc565dfb0ce789f9a984870a64414c

  • SHA1

    7918e05800b7d02be5aa3670259709fde7f5c268

  • SHA256

    33461d788a33b88bed3d489826f9fb766cae421f322b81c5eb861718a1dea7bb

  • SHA512

    0490c139cd781e827fa35e55d21d887990febb2ab158baac005755ae1825904cf8f2971a10e75e135fa350c40ac841815ddeb2fd5c9da2d7b350e9c509f027b0

  • SSDEEP

    768:C2wkbG+ulfxDBcy7hCPWLp7BKgRfIa700K/2x6qKDcqVQ1WEx7HyWKpIpTtKP1ZC:CN1LPBcmKWLp7BTei/qVgRHfKJLYd9vr

Malware Config

Extracted

  • Family

    mercurialgrabber

  • C2

    https://discord.com/api/webhooks/975244014364270683/FZnH_sfT1E7Axl_7pfCffp86xK6BWVM_UXXb74CN2p4kpHxH_6kuQsuzlglxNPVfnIm6

Targets

    • Target

      RGF-main/Input.zip

    • Size

      36KB

    • MD5

      45102f2509fb9913e768c47a8a7700e5

    • SHA1

      f853f5b887bba4aab056400fc4cfa09aa77dae26

    • SHA256

      f1db00cc9a4d36920d6d360187e36f96e649ed9e8543e3941773b3c5df4bf9a6

    • SHA512

      e2571fa2085b34ab28b5a75908222c3c00b6a398349bde0aaf52d5f5fc66f03a9e010ca7be72bced5eff00a050a5fc02e78abeb748df0ecd8e48f798fd72a66a

    • SSDEEP

      768:0CER7pNX8nL9XhVCbS3O7hCPWLp7BKgRfIa700K/2x6qKEEa6:5ER7jMnxXhwbS3iKWLp7BTeilEa6

    • Score

      3/10

    • Target

      RoBrute-master/RoBrute.py

    • Size

      6KB

    • MD5

      459ffbe4a551223287035714b6e274c2

    • SHA1

      98151335d6fcf0630f03092fee504aa05563d2db

    • SHA256

      418ab9d7b1c9ee04596bf868b74ba50f7105b3a150f6989d74d445f9810aaef9

    • SHA512

      385d9317c7b823eef361ae294635697c07b1bf93d4d8d17da703911688f9b2b478532ff800c670507bf6269e7addbba7eb8f057357754e3565999d36af804cee

    • SSDEEP

      192:aIzopckmTzso484ijEF3VvGK4F21p54wfFaep6D:aIkukwIijEF3VVs6htaepA

    • Score

      1/10

    • Target

      RoBrute-master/mainLib.py

    • Size

      481B

    • MD5

      d605f4316cf7dd5b2f4d68e5534903a5

    • SHA1

      1d9f87b0316cacdbc97c265a2005ceb9f04dd0e2

    • SHA256

      930cac6585d68eef349b1db9e376c3c9cef6a764a51c6e19a55b3d23cbe4acbd

    • SHA512

      384a3e39dad72d77fa8da085714b08ea8bddaa49c70df389febf9290c9ce09114646c417d31d6888437d237817b2eea67d183c7c65e5e985faa66a02b05a746b

    • Score

      8/10

    • Downloads MZ/PE file

    • Target

      RoBrute-master/mainLib.pyc

    • Size

      806B

    • MD5

      a69353c0a05226a823732ff09def0462

    • SHA1

      29d202a58960848f8a74c52cc5e0f28c239cbe1d

    • SHA256

      14db2c7373b04e3767f4210e473906661b5251afceb5f9e445ab276f13b51a01

    • SHA512

      b40d9ec41b4ef60d7d84400d4bcbcf11d0f469bd0365e84ff4a6b92f0dc71e12fd1f7ee4af5dd7d47dc2bd4548ecb1e75631a20829717f7ab5c46e80ed8cdfaa

    • Score

      8/10

    • Downloads MZ/PE file

    • Target

      RoBrute-master/socks.py

    • Size

      31KB

    • MD5

      48785c4abab003e3567e381d81a4e3fe

    • SHA1

      b78b23d63ac8d301e24e9a0f2c709f4d02abba87

    • SHA256

      bc89e89dcd6a255af82c73cbd6cbbaaddba2aa83380188bbb8282aef40b0a11a

    • SHA512

      52d7002548b3dc31ba4c355270577b92980c4a569dcad45c6af518da7355fcec0ace7c9ce5fabcf68dc04b2211d0d31a5cac1e7dc92a5017a1c3f1ed74cbb09a

    • SSDEEP

      768:MTMqwGwX3Q/28zGh9czigrcQcJWN2hqoJRBLXo:M1rwXl8zGhCzig4QIWN0JRBjo

    • Score

      8/10

    • Downloads MZ/PE file

    • Target

      RoBrute-master/socks.pyc

    • Size

      26KB

    • MD5

      c59597fcf54f22c79d319b129c33a62a

    • SHA1

      316daa8cc82926af92ae9400c83c172681f427be

    • SHA256

      245adcd5c71c12585d86e4cee0370781d99bd3ea8029e9869744028ed26bb7d5

    • SHA512

      bf1b978029e2500ef16c4f201ef456324752f2dfc5e213153a861c990010518520e7e2d4b501deab30056302201537291ceff77312f5adae2d3845c8bce2a9c9

    • SSDEEP

      768:x+TMqK0DoOgVH8zD5x50Y8a6RA516g0QsCh:k1DIVczDbXr6Ku4h

    • Score

      8/10

    • Downloads MZ/PE file

    • Target

      RGF-main/RBF.exe

    • Size

      41KB

    • MD5

      09d12c328c88bfdfef9dcc0927dca671

    • SHA1

      4f61a36bc05dbd9229b56db5ead4ea3d37e4308a

    • SHA256

      64e772d1da472d9da1dde4d9b070c1d9acf98d9819ec04058a0161f020022e49

    • SHA512

      4774119f1eb6f3f712fc29f7c7cceb31a67c62c01a6b7f09ccf17a85a4d78b3fed4f3a9532c353490f9058aae5db58d305a92a65a8e8039e7c123f48e73d1d51

    • SSDEEP

      768:escGoAxWdPN+wauZLePWTjZKZKfgm3Ehpe:tcVdPN9ePWTVF7Ebe

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Mercurialgrabber family

    • Looks for VirtualBox Guest Additions in registry

    • Downloads MZ/PE file

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
