General
Target: output.exe
Size: 42KB
Sample: 250521-rwsgescn51
MD5: 8dda5921509d851ae953014910c8243d
SHA1: cf0a62e3c95cf66c822179649fd8020a62d92932
SHA256: d98e2668421b0044e770bf947a119e06090374ba47cde1acf666259f1c118d2d
SHA512: a3f1b33f3ba95944bdbda5f5320850332bee91f99684499bdca32335efaa634343d62699f0c5ea1531539688e59c0076f7bdbeadd714af93b0c7ae32bb8ab285
SSDEEP: 768:BtEENK7YQRBZ6aZpDtsuuZ2LPfTj8KZKfgm3Eh+F:Btz81ZPsmLPfToF7EAF
Behavioral task: behavioral1
Sample: output.exe
Resource: win10v2004-20250502-en
Malware Config
Extracted (mercurialgrabber): https://discord.com/api/webhooks/1374750879600742490/3uNaolDAU3MWPxmzND8x0bNaL7DZ5Lv9_xgSnYrF29dHcFFByFekf5O9rhrSxtGVbvUp
Targets
Target: output.exe
Score: 10/10
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
- Mercurialgrabber family
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.