General

  • Target

    e9a07674a035bb2a1e4f233c41269edd_JaffaCakes118

  • Size

    42KB

  • Sample

    240409-kx75yabc46

  • MD5

    e9a07674a035bb2a1e4f233c41269edd

  • SHA1

    503908c418187bfc8f48533338aed01e667bf5fa

  • SHA256

    c2603d684ad273865985ea6e7ce27c9236e173d7633a72f2378a1309d9ec77ac

  • SHA512

    4eae0fd13cd2503253361f018cf886733e586174879ad06bf02bb60c25651e0af417b741083e4672dc05a822528b52aa77f7ea17678ec3d38428b0a272241215

  • SSDEEP

    768:fpIa5EMf4LB//4MouZgLL5TjoWKZKfgm3Ehdw:pE04L9D6LL5TcWF7Erw

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/882954273980284939/Oo5CKwHMkILgJiucQhx_aJyEIHFxNaStS_Rgc-0H9Qm-hz7qs9oDqPvJxh_FmBs3dflH
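
The C2 above is a Discord webhook, and the report only shows the end result of config extraction. The following is an added example (my own code, not the Triage/Hatching extractor and not code from the Mercurial Grabber project) of how such a webhook is recovered from a dumped .NET stealer: .NET string literals live in the binary as UTF-16LE, so the scanner checks plain ASCII and both byte alignments of UTF-16LE, decodes the creation time from the webhook ID (a Discord snowflake) and produces a defanged form for reporting. The `build_sample_blob` input is constructed for this example; only the webhook URL is taken from the report. The accepted hostnames and the 60-100 character token length are assumptions about Discord webhook URLs.

```python
import re
from datetime import datetime, timezone

# Discord webhook URL as a .NET stealer embeds it: numeric snowflake ID, then a long
# URL-safe token. Canary/PTB hosts and the legacy discordapp.com domain are accepted too
# (assumed hostname set; token length bounds are an assumption as well).
WEBHOOK_PATTERN = (
    r"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    r"(\d{17,20})/([A-Za-z0-9_-]{60,100})"
)
WEBHOOK_RE = re.compile(WEBHOOK_PATTERN)
DISCORD_EPOCH_MS = 1_420_070_400_000  # 2015-01-01T00:00:00Z, the snowflake epoch


def snowflake_created(snowflake: int) -> datetime:
    """Creation time encoded in a Discord snowflake (bits 22+ are ms since the Discord epoch)."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc)


def defang(url: str) -> str:
    """Report-safe form: hxxps://, bracketed dot, token truncated so it cannot be replayed."""
    token = WEBHOOK_RE.fullmatch(url).group(2)
    return (url.replace("https://", "hxxps://")
               .replace(".com/", "[.]com/")
               .replace(token, token[:6] + "..."))


def find_webhooks(data: bytes) -> list[dict]:
    """Find webhook URLs in raw bytes as plain ASCII and as UTF-16LE (.NET user-string heap)
    at both byte alignments. Returns one record per distinct URL."""
    # latin-1 maps bytes 1:1 onto code points, so the str regex works on the ASCII view.
    views = [("ascii", data.decode("latin-1"))]
    for offset in (0, 1):
        views.append((f"utf16le@{offset}", data[offset:].decode("utf-16-le", errors="ignore")))
    found: dict[str, dict] = {}
    for encoding, text in views:
        for m in WEBHOOK_RE.finditer(text):
            url = m.group(0)
            if url in found:
                continue
            wid = int(m.group(1))
            found[url] = {
                "url": url,
                "defanged": defang(url),
                "webhook_id": wid,
                "token": m.group(2),
                "encoding": encoding,
                "created_utc": snowflake_created(wid).isoformat(),
            }
    return list(found.values())


# The webhook the report extracted from this sample, reused as the value to recover.
PAGE_WEBHOOK = (
    "https://discord.com/api/webhooks/882954273980284939/"
    "Oo5CKwHMkILgJiucQhx_aJyEIHFxNaStS_Rgc-0H9Qm-hz7qs9oDqPvJxh_FmBs3dflH"
)


def build_sample_blob() -> bytes:
    """Constructed stand-in for a dumped .NET binary (not the real sample): the webhook is
    stored UTF-16LE at an odd byte offset; an unrelated ASCII Discord URL acts as a decoy."""
    return (
        b"MZ\x90\x00\x03"                              # 5 bytes of header-like padding
        + b"https://discord.com/api/v9/users/@me\x00"  # ASCII decoy, must not match
        + b"\x2a"                                      # 1 byte so the wide string is unaligned
        + PAGE_WEBHOOK.encode("utf-16-le")
        + b"\x00\x00"
        + "Mercurial Grabber".encode("utf-16-le")
    )


if __name__ == "__main__":
    for hit in find_webhooks(build_sample_blob()):
        print(f'{hit["defanged"]}  id={hit["webhook_id"]}  '
              f'created={hit["created_utc"]}  via {hit["encoding"]}')
```

The snowflake timestamp is worth recording alongside the URL: it dates the webhook's creation, which bounds when the build was configured independently of compile timestamps an attacker can forge.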

Targets

    • Target

      e9a07674a035bb2a1e4f233c41269edd_JaffaCakes118

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open-source stealer that targets Chrome, Discord and several game clients, and also collects generic system information.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMware Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

      Here the C2 is a Discord webhook: stolen data is posted to discord.com, so the traffic blends in with legitimate Discord use and there is no attacker-owned server to block.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
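
The signatures above are behavioural, so they can be reproduced from a Process Monitor trace of the sample rather than from the Triage sandbox. The following is an added example (my own code, not Triage's signature engine and not from the Mercurial Grabber project) that scores a Procmon CSV export against rules keyed to each signature listed here and groups the hits per process. The VirtualBox Guest Additions, VMware Tools and BIOS registry paths are the standard locations; the Disk\Enum key, the browser file names, the IP-lookup hostnames and the `SAMPLE_PROCMON_CSV` rows are assumptions constructed for this example, not values taken from the report.

```python
import csv
import io
import re

# Each rule: (signature name, Procmon operations it applies to, regex over the Path column).
# VirtualBox, VMware and BIOS paths are the standard registry locations; Disk\Enum, the
# browser file names and the IP-lookup hosts are assumptions for this example.
REG_OPS = {"RegOpenKey", "RegQueryValue", "RegQueryKey", "RegEnumKey", "RegEnumValue"}
FILE_OPS = {"CreateFile", "ReadFile", "QueryOpen", "CreateFileMapping"}
NET_OPS = {"TCP Connect", "TCP Reconnect", "TCP Send"}

RULES = [
    ("Looks for VirtualBox Guest Additions in registry", REG_OPS,
     re.compile(r"\\SOFTWARE\\(?:WOW6432Node\\)?Oracle\\VirtualBox Guest Additions", re.I)),
    ("Looks for VMware Tools registry key", REG_OPS,
     re.compile(r"\\SOFTWARE\\(?:WOW6432Node\\)?VMware, Inc\.\\VMware Tools", re.I)),
    ("Checks BIOS information in registry", REG_OPS,
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS", re.I)),
    ("Maps connected drives based on registry", REG_OPS,          # assumed key
     re.compile(r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\Disk\\Enum", re.I)),
    ("Reads user/profile data of web browsers", FILE_OPS,         # assumed file set
     re.compile(r"\\(?:Google\\Chrome\\User Data\\[^\\]+\\(?:Login Data|Cookies|Web Data)"
                r"|discord\\Local Storage\\leveldb)", re.I)),
    ("Looks up external IP address via web service", NET_OPS,     # assumed host set
     re.compile(r"-> (?:api\.ipify\.org|ip-api\.com|icanhazip\.com|ipinfo\.io):", re.I)),
    ("Legitimate hosting services abused for malware hosting/C2", NET_OPS,
     re.compile(r"-> discord(?:app)?\.com:", re.I)),
]


def score_procmon_csv(text: str) -> dict[str, set[str]]:
    """Map each 'process (pid)' to the set of signature names its events triggered."""
    hits: dict[str, set[str]] = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = f'{row["Process Name"]} ({row["PID"]})'
        for name, ops, pattern in RULES:
            if row["Operation"] in ops and pattern.search(row["Path"]):
                hits.setdefault(key, set()).add(name)
    return hits


def rank(hits: dict[str, set[str]]) -> list[tuple[str, int, list[str]]]:
    """Processes ordered by how many distinct signatures they triggered."""
    return sorted(((proc, len(sigs), sorted(sigs)) for proc, sigs in hits.items()),
                  key=lambda t: (-t[1], t[0]))


# Constructed Procmon export (not a real trace): one stealer-like process that exercises
# every rule plus an unrelated key, and a benign process that only reads the BIOS product name.
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0001","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions","NAME NOT FOUND","Desired Access: Read"
"10:01:02.0002","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\VMware, Inc.\VMware Tools","NAME NOT FOUND","Desired Access: Read"
"10:01:02.0003","sample.exe","4120","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer","SUCCESS","Type: REG_SZ, Data: Dell Inc."
"10:01:02.0004","sample.exe","4120","RegEnumValue","HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum","SUCCESS","Index: 0"
"10:01:02.0005","sample.exe","4120","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Run","SUCCESS","Desired Access: Read"
"10:01:02.0006","sample.exe","4120","CreateFile","C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data","SUCCESS","Desired Access: Generic Read"
"10:01:02.0007","sample.exe","4120","CreateFile","C:\Users\victim\AppData\Roaming\discord\Local Storage\leveldb\000005.ldb","SUCCESS","Desired Access: Generic Read"
"10:01:02.0008","sample.exe","4120","TCP Connect","DESKTOP-J4X1:49712 -> api.ipify.org:https","SUCCESS","Length: 0"
"10:01:02.0009","sample.exe","4120","TCP Connect","DESKTOP-J4X1:49713 -> discord.com:https","SUCCESS","Length: 0"
"10:01:02.0010","explorer.exe","1337","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName","SUCCESS","Type: REG_SZ, Data: OptiPlex 7090"
"10:01:02.0011","explorer.exe","1337","CreateFile","C:\Users\victim\Desktop\notes.txt","SUCCESS","Desired Access: Generic Read"
'''

if __name__ == "__main__":
    for proc, count, sigs in rank(score_procmon_csv(SAMPLE_PROCMON_CSV)):
        print(f"{proc}: {count} signature(s)")
        for sig in sigs:
            print(f"    {sig}")
```

No single rule is a verdict: legitimate software reads the BIOS keys too, which is why the benign process scores one hit. The combination of anti-VM checks, browser profile reads, an external IP lookup and a connection to discord.com from one process is what matches the stealer profile in the report.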

MITRE ATT&CK Enterprise v15

Tasks