Extracted

• • Target

    delete fortnie cheat + spoofer/deletefortnitecheat.exe

  • Size

    271KB

  • MD5

    9bbf2e88e6ba430797350cbaaaccc532

  • SHA1

    0d32ac3a2cba07cdda18c18844bfd77babc586bc

  • SHA256

    c82d2bb57555ea8f65b5a37841044b2d5f569ea16955358ed55b03ea0a0eed14

  • SHA512

    f2b5ff57a8ce0bf5d23892a96492ef081db6db88553075cb05e5c6f3c08b5a7e17bb25e2536afae601de21f9ea493e0fd7f4fbf22e4b62fd7061aeb667ade25d

  Score

  8^/10

  persistence

  • Sets service image path in registry

    persistence
  behavioral1behavioral2

• • Target

    delete fortnie cheat + spoofer/deletespoofer.exe

  • Size

    42KB

  • MD5

    5b46c0aa6bafddf316af2a0771ecc731

  • SHA1

    c26c7a978aa1c4bb75db3facce673f9ef5dcc1ba

  • SHA256

    ac6079fc9056ab5062e71edde29e7d204ce27ab5dd19e51c2f66c0441c28e0d3

  • SHA512

    beb27b70f9d3666847f4d1042da9b68d787a43ab858254f063c900871a74e837e3e4b28379122af06802bc50dabbee66b54fc7a3d041e0f19a822cc23c1a68ac

  Score

  10^/10

  mercurialgrabberevasionspywarestealer

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral3behavioral4