mercurialgrabber | 9f39517e902a817dd6a544849dca7683ed86df3baef00cb5e82cfd831e1306b7[.]zip

General

Target

9f39517e902a817dd6a544849dca7683ed86df3baef00cb5e82cfd831e1306b7.zip
Size

18KB
MD5

bc74ebc94e03e70581abbaf8283ec1e1
SHA1

f37f11520757a917643dc175099b9ad5c6c64cbc
SHA256

9f39517e902a817dd6a544849dca7683ed86df3baef00cb5e82cfd831e1306b7
SHA512

189882b7c5b5ce96d9c9c3ae57840d0f152a728bc6949ccbd368f426c767b58ca68cea66d0124fd321305d0227afd521bbd03bd25775456fde12f12be6474db8
SSDEEP

384:91a3kS9O6tVF6yMlG7pbbeSo8LPz/2j2o84ooncJwJHUVD:MkOtayMYMSogqxx8

Score

10^/10

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/877387515915538482/COUuJ4RVtk2AutSpdNUBoKBQXvppkXWytekfOGO0pD83Fk9CfR7C50_wiRdirV9wIUlL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a14918133b9b818fa2e8728faa075c4f173fa69abc424f39621d6aa1405f5a18.exe

9f39517e902a817dd6a544849dca7683ed86df3baef00cb5e82cfd831e1306b7.zip
.zip

Password: infected
a14918133b9b818fa2e8728faa075c4f173fa69abc424f39621d6aa1405f5a18.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ