Overview

Static analysis: Score 10/10

Behavioral tasks (per-task score, sample, platform):
- Score 10/10  BDevsHwidS...ey.exe  windows7-x64
- Score 10/10  BDevsHwidS...ey.exe  windows10-2004-x64
- Score 10/10  BDevsHwidS...er.exe  windows7-x64
- Score 5/10   BDevsHwidS...er.exe  windows10-2004-x64
- Score 7/10   BDevsHwidS...er.exe  windows7-x64
- Score 1/10   BDevsHwidS...er.exe  windows10-2004-x64
- Score 1/10   BDevsHwidS...er.exe  windows7-x64
- Score 1/10   BDevsHwidS...er.exe  windows10-2004-x64
General
- Target: BDevsHwidSpoofer.rar
- Size: 87.8MB
- Sample: 250221-3baxesvk14
- MD5: 16d8c15ac98b515fb77fd83e64b39554
- SHA1: e64f1e4e57ba98292e433e0e67d48bf50e20a4c0
- SHA256: 884fb17d58024c96f35e10fe5b81c521032bb6176e91d1ed2b4cfba8f62341bb
- SHA512: 9c0b630f02eb36678c6b9266c6c18e51dc12938b1139e0f08551baf9db7818f82e709b2c9c25a2bc1de7201ee27b5074fdd4b7333eb33aebea25dd8d723cc4b2
- SSDEEP: 1572864:Wz9YaNI37Zdc/yFMlhngLFFKWmqAlIlfz9YaNI37Zdc/yFMM:e9YP3FSbgLF8lYr9YP3FSM
Behavioral tasks (task, sample, sandbox resource):
- behavioral1: BDevsHwidSpoofer/Key.exe (win7-20240729-en)
- behavioral2: BDevsHwidSpoofer/Key.exe (win10v2004-20250217-en)
- behavioral3: BDevsHwidSpoofer/ScoFucker.exe (win7-20241010-en)
- behavioral4: BDevsHwidSpoofer/ScoFucker.exe (win10v2004-20250217-en)
- behavioral5: BDevsHwidSpoofer/Updater.exe (win7-20241023-en)
- behavioral6: BDevsHwidSpoofer/Updater.exe (win10v2004-20250217-en)
- behavioral7: BDevsHwidSpoofer/data/Updater.exe (win7-20240903-en)
- behavioral8: BDevsHwidSpoofer/data/Updater.exe (win10v2004-20250217-en)
Malware Config
- Extracted family: mercurialgrabber
- Exfiltration/C2 endpoint (Discord webhook): https://discord.com/api/webhooks/1342592218795479070/gAprajht67Sa8ORePbAXrGT6sIbifHi5L7oiHuXxWUdAHMtuuCdTAvGCQzuS79w1C7lM
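The extracted config above is the sample's only network indicator, and it is two things at once: the numeric webhook id identifies the C2 channel, and the token is the credential that lets anyone who holds it post to that webhook. The following is an added example, not code from the sandbox report or from Mercurial Grabber, that turns the webhook into triage artefacts: it splits the URL into id and token, recovers the webhook's creation time from the id (assuming the id is a Discord snowflake whose upper 42 bits are milliseconds since 2015-01-01T00:00:00Z, and that webhook URLs have the form https://discord.com/api/webhooks/<id>/<token>), and runs an id-based match over constructed proxy log lines. The log lines, the second webhook id and its token are made up for the demo.

```python
"""Added example (not part of the sandbox report, not Mercurial Grabber code):
turn an extracted Discord webhook into a C2 identifier, a creation timestamp
and a log-matching rule.

Assumptions not stated on the page: a Discord webhook URL has the form
https://discord.com/api/webhooks/<id>/<token>; <id> is a Discord snowflake whose
bits 22..63 hold milliseconds since 2015-01-01T00:00:00Z; the proxy log lines
below are constructed for this demo.
"""
import re
from datetime import datetime, timedelta, timezone

# The webhook the sandbox extracted from Key.exe (copied from the report).
EXTRACTED_WEBHOOK = (
    "https://discord.com/api/webhooks/1342592218795479070/"
    "gAprajht67Sa8ORePbAXrGT6sIbifHi5L7oiHuXxWUdAHMtuuCdTAvGCQzuS79w1C7lM"
)

DISCORD_EPOCH_MS = 1_420_070_400_000  # 2015-01-01T00:00:00Z in Unix milliseconds

# Matches the webhook-execute endpoint on the production, PTB and canary hosts.
# The numeric id alone identifies the channel; the token is the secret that
# authorises posting to it, so detection logic should key on the id.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_\-]+)"
)


def parse_webhook(url: str) -> tuple[int, str]:
    """Return (webhook id, token) for a Discord webhook URL, else raise ValueError."""
    m = WEBHOOK_RE.fullmatch(url.strip())
    if m is None:
        raise ValueError(f"not a Discord webhook URL: {url!r}")
    return int(m["id"]), m["token"]


def snowflake_created_at(snowflake: int) -> datetime:
    """Creation time encoded in a Discord snowflake (upper 42 bits = ms since Discord epoch)."""
    unix_ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(milliseconds=unix_ms)


def webhook_hits(log_lines, known_c2_ids):
    """Flag every log line that talks to a Discord webhook.

    Each hit records the webhook id, whether it is one of the known C2 ids
    (the extracted IOC) and when that webhook was created, so unknown webhooks
    can be triaged by age without ever handling the token.
    """
    hits = []
    for line in log_lines:
        m = WEBHOOK_RE.search(line)
        if m is None:
            continue
        wid = int(m["id"])
        hits.append({
            "line": line,
            "webhook_id": wid,
            "known_c2": wid in known_c2_ids,
            "webhook_created": snowflake_created_at(wid),
        })
    return hits


# Constructed proxy log lines (not real telemetry). The first reuses the
# extracted webhook; the third uses a made-up id and token.
SAMPLE_PROXY_LOG = [
    "2025-02-21T20:31:07Z 10.0.0.5 POST " + EXTRACTED_WEBHOOK + " 204",
    "2025-02-21T20:31:09Z 10.0.0.7 GET https://discord.com/api/v9/users/@me 200",
    "2025-02-21T20:32:41Z 10.0.0.9 POST https://discord.com/api/webhooks/"
    "1000000000000000000/constructedTokenForDemo 204",
]

C2_ID, C2_TOKEN = parse_webhook(EXTRACTED_WEBHOOK)
KNOWN_C2_IDS = {C2_ID}

if __name__ == "__main__":
    print(f"webhook id {C2_ID} created {snowflake_created_at(C2_ID).isoformat()}")
    for hit in webhook_hits(SAMPLE_PROXY_LOG, KNOWN_C2_IDS):
        tag = "KNOWN C2" if hit["known_c2"] else "unknown webhook"
        print(f"{tag}: id={hit['webhook_id']} "
              f"created={hit['webhook_created']:%Y-%m-%d} :: {hit['line']}")
```

Two caveats for using this in practice. The full path of an HTTPS request is only visible where TLS is inspected or where the telemetry source records URLs itself (EDR web telemetry, browser history, a decrypting proxy); a plain TLS proxy log shows only the discord.com SNI, which is exactly why the report flags "legitimate hosting services abused for C2". And the report's config line contains the live token, so copy only the id into shared detection content. For this sample the id decodes to a webhook created on 2025-02-21, which lines up with the 250221 date prefix of the report's sample id.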
Targets

Target: BDevsHwidSpoofer/Key.exe
- Size: 41KB
- MD5: e9eb8c9e977dffcaa7fd50792ec087c3
- SHA1: 3a916bff3fa8488d4678ad48c397f8e248db8d0d
- SHA256: eb1ec5ac218ee4620daae85d52eb2f28d09147930667fc870e6640d5223eecde
- SHA512: d231da2f1c0e5fcecfd313389642d23ece8f339c8a09c2b1737bbca914feb4942265a7d197715634793c4b9686205a4208665cfd9ae06011579c0c968335230c
- SSDEEP: 768:hscaIyIEL/gB1wqyuZjecWTjgKZKfgm3Eh8B:ec1irgBvecWT0F7E6B
- Score: 10/10
Signatures:
- Mercurial Grabber Stealer: Mercurial Grabber is an open-source stealer that targets Chrome, Discord and some game clients, and collects generic system information.
- Mercurialgrabber family
- Legitimate hosting services abused for malware hosting/C2 (the extracted Discord webhook above)
Target: BDevsHwidSpoofer/ScoFucker.exe
- Size: 28.9MB
- MD5: 5a924a768e25268747e26c60d44e2722
- SHA1: 37109a60a000c57c7c321afb44585064cbccb0b6
- SHA256: 6f9c20d90db779845264dee3eb25a2f5cef15be1a95bf85e82e469c4b6cd6f54
- SHA512: 5670efb26e28165b23922e4914eade005819621dbfd9c16a3c16eaccaaa528e18901c334c6ab5bc14ad97ca4eff7d7435e6c50b602647ef1f8aef9b303913e03
- SSDEEP: 786432:H/ls88jgftK8fCqoeeyMHaivfIv55pg/o+:H/lsRcfX6qg3HaivG5vgA
- Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging)
-
Target
BDevsHwidSpoofer/Updater.exe
-
Size
32.1MB
-
MD5
d44d855c8e89b6cdb48b318ab9706e95
-
SHA1
5282b70475ddba9ac51a2c3f734e1c90b729c434
-
SHA256
0206963bd92cd09d570d1891963eec416665ed117357c0ec6a060d279973dd63
-
SHA512
3a6a956b4957ab5b13cf72a544a1abd8a8336e4956e59c9e4ba4e4e7f8cacdbbceba9d3aeaf85b95d4c7e760c90e3a435fc0a6d65d9bb392ff64ffe9c7f40943
-
SSDEEP
786432:8QgHEFNLewZZTftqapqtO90SBbUwgyRvOjqhKjaJyHOQ3SRk:8QgkFNLdtq4EyRvOGgeyHOQC+
Score1/10 -
-
Target: BDevsHwidSpoofer/data/Updater.exe (identical hashes to BDevsHwidSpoofer/Updater.exe)
- Size: 32.1MB
- MD5: d44d855c8e89b6cdb48b318ab9706e95
- SHA1: 5282b70475ddba9ac51a2c3f734e1c90b729c434
- SHA256: 0206963bd92cd09d570d1891963eec416665ed117357c0ec6a060d279973dd63
- SHA512: 3a6a956b4957ab5b13cf72a544a1abd8a8336e4956e59c9e4ba4e4e7f8cacdbbceba9d3aeaf85b95d4c7e760c90e3a435fc0a6d65d9bb392ff64ffe9c7f40943
- SSDEEP: 786432:8QgHEFNLewZZTftqapqtO90SBbUwgyRvOjqhKjaJyHOQ3SRk:8QgkFNLdtq4EyRvOGgeyHOQC+
- Score: 1/10