mercurialgrabber | 2025-04-03_76ea72164dd28c5f3e8a1bc5f2762b5c_amadey_esfury_rhadamanthys_smoke-loader | Triage

Sharing

General

Target

2025-04-03_76ea72164dd28c5f3e8a1bc5f2762b5c_amadey_esfury_rhadamanthys_smoke-loader
Size

3.5MB
MD5

76ea72164dd28c5f3e8a1bc5f2762b5c
SHA1

8ce5f0888f5368c091107e9ba77cfc42e0c5f8df
SHA256

aff971e3e4484669c73c912ab3fed84dab8b9ce036d0ac717abe2fbf176276e1
SHA512

42160cf01c583aac9a8280f20eda925cf14588c71bd1c17997bded1618c0901d2f1d03e7ea926458f5abac7a30222f394e78c34e00103d9303acebd4aa06090b
SSDEEP

98304:6kkjozJ9/im8XVBKl6t1buVfRhq+5tXzgCa/TY:68zJpjS346t1bIfuq07

Score

10^/10

upx mercurialgrabber

Malware Config

Signatures

Mercurialgrabber family
mercurialgrabber

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-04-03_76ea72164dd28c5f3e8a1bc5f2762b5c_amadey_esfury_rhadamanthys_smoke-loader

Files

2025-04-03_76ea72164dd28c5f3e8a1bc5f2762b5c_amadey_esfury_rhadamanthys_smoke-loader
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE