General
Target: JaffaCakes118_0d6dd4b9d8e64a4d0d45f0f7cb3f734c
Size: 41KB
Sample: 250604-md58cagk2v
MD5: 0d6dd4b9d8e64a4d0d45f0f7cb3f734c
SHA1: be182500d9325ae27ba43bbca411ccc06c9b94fd
SHA256: e5704c4de88b5bef7c43a8ab6af61a0a80506e1b2fc9d16aa789601b6c4ee6de
SHA512: e43d625cb613a15357237a7d96f85a5cbc027ea885b0a18e87ee6e33bc0d9b9a803ff29f60f90d65dda9c9210f452305f8308878af415c193d9f165eb03fb7e3
SSDEEP: 768:0scG4Ac3mbMABWawguZie9WTjIKZKfgm3Eh7p:bcT3mM8Wie9WTUF7ERp
Behavioral task: behavioral1
Sample: JaffaCakes118_0d6dd4b9d8e64a4d0d45f0f7cb3f734c.exe
Resource: win10v2004-20250502-en
Malware Config
Extracted family: mercurialgrabber
Webhook URL (Discord): https://discord.com/api/webhooks/866498831561785386/-XN88lELt22qbTEEdTB0HH3-hh-S38iWvyye0zi8ElR5NcY0s2rFAHuLulBbAaZSLUCl
Targets
Target: JaffaCakes118_0d6dd4b9d8e64a4d0d45f0f7cb3f734c (same file as listed under General above)
Score: 10/10
Mercurial Grabber Stealer
Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients as well as generic system information.
- Mercurialgrabber family
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
MITRE ATT&CK Enterprise v16
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)