General

  • Target

    skibdidildo.exe

  • Size

    42KB

  • Sample

    250503-ydj6nabn6v

  • MD5

    9d2f7e5485fb707a88dd13b1c9d16a3a

  • SHA1

    98b99895089ef6e4904acb137b2fb14aaccd2968

  • SHA256

    012e3e46048fb53d1fcf4831c8842a52e3e78a1f3c54af7dfcfa2bb84928fa9d

  • SHA512

    f42c84548a715bfba7d28268ba8125b7de813a02b709d74aabe2ba967447f9c301a0c43d9387103063dd94226171d28d10f1101bcd7ee156c1d14941414fc561

  • SSDEEP

    768:opKLvWTylOUIuZbLjCTj3KZKfgm3Ehy5:pjWT9UVLjCTbF7Ec5

Malware Config (extracted)

  • Family

    mercurialgrabber

  • C2

    https://discord.com/api/webhooks/1368309880108224713/3s2y6pzsmqMyrkXqMiOmaB-Hs7qwBUDOH-W_MQ9nKnCOBe-c7cRYAN2caCJdVBJggZli

Targets

    • Target

      skibdidildo.exe (42KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.

    • Mercurialgrabber family

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved logins, cookies and autofill entries.

    • Legitimate hosting services abused for malware hosting/C2

      The extracted C2 is a Discord webhook, so stolen data is posted to discord.com and blends in with ordinary Discord traffic rather than going to attacker-owned infrastructure.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
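The two network behaviours flagged above (a Discord webhook used as C2/exfil channel and an external-IP lookup) can be hunted for in proxy or EDR network logs. The following is an added example and not code from the Triage report or from the Mercurial Grabber project; it assumes a constructed log format of "<timestamp> <process> <METHOD> <url>", an assumed process allowlist and an assumed list of IP-lookup hosts. The log lines are constructed, except that the webhook URL is the C2 extracted above.

```python
"""Hunt for Discord-webhook exfiltration and external-IP lookups in network logs.

Added example, not the sandbox's or the malware project's code. Assumptions:
constructed log format "<ts> <process> <METHOD> <url>", the allowlist and the
IP-lookup host list below. SAMPLE_LOG is constructed; its webhook URL is the
C2 extracted in the report above.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Discord webhook endpoint: a 17-20 digit snowflake id followed by a URL-safe token.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    r"(\d{17,20})/([A-Za-z0-9_-]{30,})"
)

# Public "what is my IP" services stealers commonly query (assumed starting list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com",
                   "icanhazip.com", "checkip.amazonaws.com"}

# Processes expected to talk to Discord or look up their own IP (assumption: tune per fleet).
ALLOWLISTED_PROCESSES = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Webhook id taken from the C2 extracted above; exact hits are tagged as known C2.
KNOWN_C2_WEBHOOK_IDS = {"1368309880108224713"}


@dataclass
class Finding:
    line_no: int
    process: str
    kind: str          # "discord_webhook_exfil" or "external_ip_lookup"
    indicator: str     # webhook id or lookup host
    known_c2: bool = False


def parse_line(line):
    """Split a constructed log line into (timestamp, process, method, url), or None."""
    parts = line.split(maxsplit=3)
    if len(parts) != 4:
        return None
    ts, proc, method, url = parts
    return ts, proc.lower(), method.upper(), url


def redact_webhook(url):
    """Keep the webhook id (an IOC) but mask the token, which is a live credential
    that lets anyone post to, edit or delete the webhook."""
    m = WEBHOOK_RE.match(url)
    if not m:
        return url
    return url[:m.start(2)] + "<redacted>"


def hunt(lines, known_ids=KNOWN_C2_WEBHOOK_IDS):
    """Return findings for non-allowlisted processes that POST to a Discord
    webhook or contact an external-IP lookup service."""
    findings = []
    for n, line in enumerate(lines, 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        _, proc, method, url = parsed
        if proc in ALLOWLISTED_PROCESSES:
            continue
        host = (urlsplit(url).hostname or "").lower()
        m = WEBHOOK_RE.match(url)
        if m and method == "POST":
            findings.append(Finding(n, proc, "discord_webhook_exfil", m.group(1),
                                    known_c2=m.group(1) in known_ids))
        elif host in IP_LOOKUP_HOSTS:
            findings.append(Finding(n, proc, "external_ip_lookup", host))
    return findings


# Constructed sample log; only the webhook URL on the third line comes from the report.
SAMPLE_LOG = [
    "2025-05-03T10:00:01Z chrome.exe GET https://discord.com/api/v9/users/@me",
    "2025-05-03T10:00:02Z skibdidildo.exe GET https://api.ipify.org/?format=json",
    "2025-05-03T10:00:03Z skibdidildo.exe POST https://discord.com/api/webhooks/1368309880108224713/3s2y6pzsmqMyrkXqMiOmaB-Hs7qwBUDOH-W_MQ9nKnCOBe-c7cRYAN2caCJdVBJggZli",
    "2025-05-03T10:00:04Z discord.exe POST https://discord.com/api/webhooks/123456789012345678/abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-abcd",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.process} {f.kind} {f.indicator} known_c2={f.known_c2}")
```

Two points worth keeping when adapting this: the webhook token is a credential, so report the snowflake id as the IOC and redact the token when sharing, and the process allowlist is where false positives live, since browsers and the Discord client legitimately reach these endpoints.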

MITRE ATT&CK Enterprise v16