mercurialgrabber | 7bf62b6bf5ffbf4a72069d4a365bfc99f0c3552ccaf16c28f8845705d2f7df50 | Triage

Sharing

General

Target

Frskibidi.exe
Size

41KB
Sample

250216-swh4es1mel
MD5

4bbb23adbc1cafec977fc52a786c1c7a
SHA1

95602a3060dd058abfa3ba6a1384b4023fea5c57
SHA256

7bf62b6bf5ffbf4a72069d4a365bfc99f0c3552ccaf16c28f8845705d2f7df50
SHA512

e28fcdf2db2b4cd75f14df55a287c50db302daf51e4e337fcb886d71ca015f49e414558640f31b7e1065ddac3c0a10680ae5b4939f063d9d0bd1f87d52d9b286
SSDEEP

768:SscaIiIJVE64/ywruZye0WTj8KZKfgm3EhrF:Bc1jVElLe0WTIF7ENF

Score

10^/10

mercurialgrabber discovery spyware stealer

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1340699331883307028/16tpnAYBByHiVAI4QQLfQk-oiOtbEf2bDhtVR0QMI8eY0P03LzqokziuamktrNpiopq2

Targets

- Target
  
  Frskibidi.exe
- Size
  
  41KB
- MD5
  
  4bbb23adbc1cafec977fc52a786c1c7a
- SHA1
  
  95602a3060dd058abfa3ba6a1384b4023fea5c57
- SHA256
  
  7bf62b6bf5ffbf4a72069d4a365bfc99f0c3552ccaf16c28f8845705d2f7df50
- SHA512
  
  e28fcdf2db2b4cd75f14df55a287c50db302daf51e4e337fcb886d71ca015f49e414558640f31b7e1065ddac3c0a10680ae5b4939f063d9d0bd1f87d52d9b286
- SSDEEP
  
  768:SscaIiIJVE64/ywruZye0WTj8KZKfgm3EhrF:Bc1jVElLe0WTIF7ENF
Score

10^/10

mercurialgrabber spyware stealer discovery
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Mercurialgrabber family
  mercurialgrabber
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberspywarestealer

behavioral2

mercurialgrabberdiscoveryspywarestealer