Extracted

• • Target

    41b97af3b62be4323ff65c0c7f16e00c.exe

  • Size

    189KB

  • MD5

    41b97af3b62be4323ff65c0c7f16e00c

  • SHA1

    d86f5294e70d84c7568c7c915a475baf9f6066fd

  • SHA256

    188b92986af1e9cf65af8616b7e7deda342fbfa2afaf39dacdbc899ab41e37d9

  • SHA512

    7b81419e5e01bd48e0466215d116aab16651562294428a5ed60ec49cb268d2f2b1287123f8820361724e2f132dee17eb656ce3ccdea1be7809c00c401bcd4cf7

  • SSDEEP

    3072:iIwFLWT5F7EAEcq/O50AHLATeitOzVQzpcZEQMcemwf2Z+sP:twFQEK0ILkZOzVeWOQNeNf2EsP

  Score

  10^/10

  mercurialgrabberevasionspywarestealer

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1behavioral2