Extracted

• • Target

    ae3a20db60729e69b81814151b161e71219f1d8c14beb64a07f47fb2dde8f668

  • Size

    42KB

  • MD5

    fb1456b3b636f053cbc957205e622607

  • SHA1

    bac4d4141fa0f0b420d5d75cf4bbd7c35a03548e

  • SHA256

    ae3a20db60729e69b81814151b161e71219f1d8c14beb64a07f47fb2dde8f668

  • SHA512

    886a8f22ed9ce0ce73e81186fd4087c05a45f8314add4a64948d2695e8f51fdc3a6724ef83e52262dc8aa042b7583250b5366cf0d2e5721984cad1e25db57f28

  • SSDEEP

    768:y/D0qZiQrpLvZ8DylO8zuZ4LdhTj6KZKfgm3Ehh6:y/Xj6D98zLdhTGF7Ej6

  Score

  10^/10

  mercurialgrabberevasionstealerspyware

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1behavioral2