Extracted

• • Target

    6ba867420e102e3459cf65b9fdf49da2_JaffaCakes118

  • Size

    197KB

  • MD5

    6ba867420e102e3459cf65b9fdf49da2

  • SHA1

    619c4d83e8d8311b80c9278ee89d8c98570b85d3

  • SHA256

    74cd917620b9b29722b1b54e631eeae9ed4ae7692b20d05077e7c7a303ba5f68

  • SHA512

    6edd329f4370a5ecc8089a28f68f26f2cb02e2b4a94dc0fd026709666266a3ffd9c4ec7f5017b151b2bee5e08909a35a6b5b5cb99ec75b80463f8917d53f3c90

  • SSDEEP

    1536:vJGSoeLR9TOF7Ee2/DVasc/D9Pc6fwyIC:vJseLPTOF7Ee2/DVasc/D906fwyIC

  Score

  10^/10

  mercurialgrabberevasionspywarestealer

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1behavioral2