General

  • Target

    output.exe

  • Size

    42KB

  • Sample

    250521-rwsgescn51

  • MD5

    8dda5921509d851ae953014910c8243d

  • SHA1

    cf0a62e3c95cf66c822179649fd8020a62d92932

  • SHA256

    d98e2668421b0044e770bf947a119e06090374ba47cde1acf666259f1c118d2d

  • SHA512

    a3f1b33f3ba95944bdbda5f5320850332bee91f99684499bdca32335efaa634343d62699f0c5ea1531539688e59c0076f7bdbeadd714af93b0c7ae32bb8ab285

  • SSDEEP

    768:BtEENK7YQRBZ6aZpDtsuuZ2LPfTj8KZKfgm3Eh+F:Btz81ZPsmLPfToF7EAF

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1374750879600742490/3uNaolDAU3MWPxmzND8x0bNaL7DZ5Lv9_xgSnYrF29dHcFFByFekf5O9rhrSxtGVbvUp

Targets

    • Target

      output.exe

    • Size

      42KB

    • MD5

      8dda5921509d851ae953014910c8243d

    • SHA1

      cf0a62e3c95cf66c822179649fd8020a62d92932

    • SHA256

      d98e2668421b0044e770bf947a119e06090374ba47cde1acf666259f1c118d2d

    • SHA512

      a3f1b33f3ba95944bdbda5f5320850332bee91f99684499bdca32335efaa634343d62699f0c5ea1531539688e59c0076f7bdbeadd714af93b0c7ae32bb8ab285

    • SSDEEP

      768:BtEENK7YQRBZ6aZpDtsuuZ2LPfTj8KZKfgm3Eh+F:Btz81ZPsmLPfToF7EAF

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Mercurialgrabber family

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v16

Tasks