Overview

overview

10

Static

static

10

ALG_.exe

windows7-x64

10

ALG_.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ALG_.exe

  • Size

    41KB

  • Sample

    250324-w1wf4axmy8

  • MD5

    46fd49191202386317facb5ac2157e2e

  • SHA1

    5a52d8e40e4602eead1cd84cf8e4a718bdf020e7

  • SHA256

    e3daf5a3dd5e01ab6f5ed2f7ac60fa80fc39f001b35d8345544109582b255e99

  • SHA512

    b121307ed2d5c395bf3181fc7e9fe2fdb7b853fc1abb72dbe83d3be4f352aff85ef43df6bcfa4e2908b20bd4293a34682b3481c5950aad69b0799a3e7ddce563

  • SSDEEP

    768:8scaIyIde8bH5M/BgwwuZaefWTjtKZKfgm3Eh2H:Tc1He862efWTJF7EoH

Score
10/10
mercurialgrabberdefense_evasionspywarestealer

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1353428582617317427/6wfKFgsJQtu_LlNQm9f91lBzKCAbcj8s7GDl_5m_ej1_pdgZF56aGaBolzWErmqIoq1X

Targets

    • Target

      ALG_.exe

    • Size

      41KB

    • MD5

      46fd49191202386317facb5ac2157e2e

    • SHA1

      5a52d8e40e4602eead1cd84cf8e4a718bdf020e7

    • SHA256

      e3daf5a3dd5e01ab6f5ed2f7ac60fa80fc39f001b35d8345544109582b255e99

    • SHA512

      b121307ed2d5c395bf3181fc7e9fe2fdb7b853fc1abb72dbe83d3be4f352aff85ef43df6bcfa4e2908b20bd4293a34682b3481c5950aad69b0799a3e7ddce563

    • SSDEEP

      768:8scaIyIde8bH5M/BgwwuZaefWTjtKZKfgm3Eh2H:Tc1He862efWTJF7EoH

    Score
    10/10
    mercurialgrabberdefense_evasionspywarestealer

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

      stealermercurialgrabber

    • Mercurialgrabber family

      mercurialgrabber

    • Looks for VirtualBox Guest Additions in registry

      defense_evasion

    • Looks for VMWare Tools registry key

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.