mercurialgrabber | 600912c936665053415f279dff2b3c43f5c28bcf57759976059a34e0211eee1b[.]zip

General

Target

600912c936665053415f279dff2b3c43f5c28bcf57759976059a34e0211eee1b.zip
Size

18KB
MD5

d096766a00502b497ffda6fb63e02071
SHA1

628e706990f19123dd49c1b7595b28cd1d12a85d
SHA256

600912c936665053415f279dff2b3c43f5c28bcf57759976059a34e0211eee1b
SHA512

7ee1f932048aab605bc909b8a5df2c446289da388ae422abffc68f548e680ff42ff9f7ba6e15948188cf667e865f9af96385c624df956263b3522c1d20399bb0
SSDEEP

384:FJszCxtqOT6t/PapTREhRBmUviCo85JEHfcHzDxxDg6fXbw5OrS:Frxret/CptEhRdTo4akVg6frw5OrS

Score

10^/10

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/875852675625910323/FZwPwtdHbLxfj83p3-xABK2PUL5UBlzHAHTw2lI2EK2mMFQEL_hHmyfy79QNMGnmavcJ

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/84eb2c63dd363a740147908e0926d40eba7bbde57ee54759e43c667f6a1553dc.exe

600912c936665053415f279dff2b3c43f5c28bcf57759976059a34e0211eee1b.zip
.zip

Password: infected
84eb2c63dd363a740147908e0926d40eba7bbde57ee54759e43c667f6a1553dc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ