mercurialgrabber | 62a2a9c372635344dee03d3e875ca555910cc8f95e139cf44e653f5c267a4350 | Triage

Submit
Reports

Overview

overview

Static

static

test.exe

windows10-ltsc_2021-x64

Sharing

General

Target

test.exe
Size

41KB
Sample

250331-2qd2ysyze1
MD5

1cdef1bb03b387ab03056679a76fbb9a
SHA1

fcad7bf599054bfc1d5308575edf1b3f059b5740
SHA256

62a2a9c372635344dee03d3e875ca555910cc8f95e139cf44e653f5c267a4350
SHA512

c9d423cfe2d0ac05ec4f7163c1a1fcfa9776a100ac885bf6dff36542d4b37cf62511eeeb8c594fbf241a2212dd8336b366d3734af7d2fdf5ab65e4994c60d11b
SSDEEP

768:gscaIyIde8bH5M/BgwJuZPeE7WTj5KZKfgm3EhWS:Xc1He86IeE7WT9F7EAS

Score

10^/10

mercurialgrabber defense_evasion stealer

Static task

static1

mercurialgrabber

2 signatures

Behavioral task

behavioral1

Sample

test.exe

Resource

win10ltsc2021-20250314-it

mercurialgrabber defense_evasion stealer

windows10-ltsc_2021-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1356363803427737691/n_sUq8ti_BHeJHX3D-pQNlVax1pVJnbauSB8J9QNwlkD0hjVHeCGOM0i82aGyucFU3mG

Targets

- Target
  
  test.exe
- Size
  
  41KB
- MD5
  
  1cdef1bb03b387ab03056679a76fbb9a
- SHA1
  
  fcad7bf599054bfc1d5308575edf1b3f059b5740
- SHA256
  
  62a2a9c372635344dee03d3e875ca555910cc8f95e139cf44e653f5c267a4350
- SHA512
  
  c9d423cfe2d0ac05ec4f7163c1a1fcfa9776a100ac885bf6dff36542d4b37cf62511eeeb8c594fbf241a2212dd8336b366d3734af7d2fdf5ab65e4994c60d11b
- SSDEEP
  
  768:gscaIyIde8bH5M/BgwJuZPeE7WTj5KZKfgm3EhWS:Xc1He86IeE7WT9F7EAS
Score

10^/10

mercurialgrabber defense_evasion stealer
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Mercurialgrabber family
  mercurialgrabber
- Looks for VirtualBox Guest Additions in registry
  defense_evasion
- Looks for VMWare Tools registry key
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberdefense_evasionstealer

© 2018-2025

Terms | Privacy