Extracted

• • Target

    de8b75370416b592f0545e700f594bb3

  • Size

    117KB

  • MD5

    de8b75370416b592f0545e700f594bb3

  • SHA1

    1b444bbace2a9a88d244f0037bce199687fc868f

  • SHA256

    65aa73a25ac570c128a19f9f4d46a68a063c180b95b4da48850e766b3d4f9ca0

  • SHA512

    e1be349ed81381f57ac38294e592d125c0a8ed33a491e3ff2c494329389e601aebfb69a37fed6f37280a489c417293db391e8a233e414e01e1a8ebdbb82708b9

  • SSDEEP

    3072:7DFWfJrrUdF9oMqPYGnC2ZFv8C85W2Ssn13UtjY8kfJCnzXw/X:7hWBrA/Ug6qvn5U5fCk

  Score

  10^/10

  mercurialgrabberevasionspywarestealer

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1behavioral2