General

  • Target

    notalogger.exe

  • Size

    42KB

  • Sample

    250523-dlcfkagn8w

  • MD5

    501ee99a95e1319537955f4ba50fc8de

  • SHA1

    5651a0c337ac85df63d3cad08f4fc49f9dc95bbe

  • SHA256

    c0348011be96049a21d008f5e49ac207ae8250706d386fb053f94801af31ce46

  • SHA512

    c0ec144b7b7574f4168a5e8a70678cb9910d837d85a7c3b49eeb0e2149e4826646fd6df2b2c959a8357d4b9743b6c67f363ae6867cf8f4ff9f9289e15a1c899a

  • SSDEEP

    768:9IH3A3dL+Lv7pTylOEkuZzLgQTjOKZKfgm3EhoJ:qH6qjdT9EJLgQTaF7EyJ

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1375307462386909214/Bx5WZobqVUj7uOcOoxI7RT4f6kGOj1wwVuQcdvcc1kuubvyNEl0dgrhvwvpr7sviL9jP

Targets

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Mercurialgrabber family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v16

Tasks