General
Target: 2025-05-01_68dac06d76aeb8c41160f64ac0d8211e_black-basta_elex
Size: 20.4MB
Sample: 250501-gjve5sfn81
MD5: 68dac06d76aeb8c41160f64ac0d8211e
SHA1: cfb5407551408ca86b9a87867bbc438e600716c6
SHA256: 1a57568580ce62c274eee6e72413ce84afcb5c2c14ffeb5d7efbbe6b0d676fd7
SHA512: 22dbf8ee6a28fbbf91f662a4eec30c401926032a19d27d3057b7fa6018326a24ef856013219d72693f53eb15b713a45af3b4b4d4989a0d2afd900ec5244f19e1
SSDEEP: 393216:gfZaKBsRvKt+2JtWNhqKVp1+TtIiF5/QwCPs2Qp7MePjGY6A4Yp:IaKc2JtEhqKVp1QtIO/QwWQxPjnp
Behavioral task: behavioral1
Sample: 2025-05-01_68dac06d76aeb8c41160f64ac0d8211e_black-basta_elex.exe
Resource: win10v2004-20250410-en
Malware Config
Extracted: mercurialgrabber
https://discord.com/api/webhooks/1361784872892498110/gIFvYe7mgYi8DSdyPsEA70WvUC10wl2gkxeTQaDNo1SttNSIjE58-QGfTyW-ftP530HP
Targets
Target: 2025-05-01_68dac06d76aeb8c41160f64ac0d8211e_black-basta_elex (size and hashes identical to the General section above)
Mercurial Grabber Stealer
Mercurial Grabber is an open-source stealer targeting Chrome, Discord, and some game clients, as well as generic system information.
Mercurialgrabber family
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.