mercurialgrabber | 8ce381455c6cc7f68574f0e258e4aaa7a8856e439b9650bf2b110e922a73d791 | Triage

Sharing

General

Target

GorillaUnbanner.exe
Size

42KB
Sample

250218-aeh3zsvmbx
MD5

2f0e33a107758d9752b5d8caafefda2a
SHA1

1cdd6766b17aad972cedd7e448f9704161709d08
SHA256

8ce381455c6cc7f68574f0e258e4aaa7a8856e439b9650bf2b110e922a73d791
SHA512

9f55614d1ce6296ad9212eece2ed5a64710a8566be8e660c830f554c567ebb28f9a0c0c345542fefda71bd7279a02bcec170f7d229893defde4485edfe2b59ea
SSDEEP

768:vFFGAUvRHCTuZSLRVTj75KZKfgm3EhYh:WRHCPLRVT35F7EOh

Score

10^/10

mercurialgrabber spyware stealer

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1341192836023848981/MHmt34PTZZ_P_jTTneScbh_QIw9mlThCTekNBxgsaOnuwkBHwRizs2_F6x5ofxMBehpH

Targets

- Target
  
  GorillaUnbanner.exe
- Size
  
  42KB
- MD5
  
  2f0e33a107758d9752b5d8caafefda2a
- SHA1
  
  1cdd6766b17aad972cedd7e448f9704161709d08
- SHA256
  
  8ce381455c6cc7f68574f0e258e4aaa7a8856e439b9650bf2b110e922a73d791
- SHA512
  
  9f55614d1ce6296ad9212eece2ed5a64710a8566be8e660c830f554c567ebb28f9a0c0c345542fefda71bd7279a02bcec170f7d229893defde4485edfe2b59ea
- SSDEEP
  
  768:vFFGAUvRHCTuZSLRVTj75KZKfgm3EhYh:WRHCPLRVT35F7EOh
Score

10^/10

mercurialgrabber spyware stealer
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Mercurialgrabber family
  mercurialgrabber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberspywarestealer

behavioral2

mercurialgrabberspywarestealer