General

  • Target

    b47660d667192eb8ff7bd90f82b96be3_JaffaCakes118

  • Size

    42KB

  • Sample

    241130-df2hhasrfr

  • MD5

    b47660d667192eb8ff7bd90f82b96be3

  • SHA1

    99b79b8354ce8daa2aebc344075922764f237291

  • SHA256

    99222d220790ce759074bf80fa779bb900e13cb799c5062d6c99f434a7de7f85

  • SHA512

    80dce47853a76bda22dc6f14563ae8ae3d687fd611928b493cea7ebef45a96e47f9519846c22bdb97608e6c616c644d6b2ce3787836b38df2396fe57d7158bd1

  • SSDEEP

    768:TuLYNqV41M76auZZLruTjgKZKfgm3Eh6X:yeqWA6FLruTEF7EAX

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/873691851314561054/UYwGmk3xyBqSE9zsMIgFURABFSgGeD6cMRnK-oGpYaJjMfyNA9rtXKWKpHvsvahhEL_D

Targets

    • Target

      b47660d667192eb8ff7bd90f82b96be3_JaffaCakes118

    • Size

      42KB

    • MD5

      b47660d667192eb8ff7bd90f82b96be3

    • SHA1

      99b79b8354ce8daa2aebc344075922764f237291

    • SHA256

      99222d220790ce759074bf80fa779bb900e13cb799c5062d6c99f434a7de7f85

    • SHA512

      80dce47853a76bda22dc6f14563ae8ae3d687fd611928b493cea7ebef45a96e47f9519846c22bdb97608e6c616c644d6b2ce3787836b38df2396fe57d7158bd1

    • SSDEEP

      768:TuLYNqV41M76auZZLruTjgKZKfgm3Eh6X:yeqWA6FLruTEF7EAX

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open-source stealer targeting Chrome, Discord and some game clients, as well as generic system information.

    • Mercurialgrabber family

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
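
The extracted C2 above is a Discord webhook, and the behaviour signatures in this list are the kind of thing an analyst wants to re-derive from a raw trace rather than take on trust. The following Python is an added triage helper, not the sandbox's own code or part of the report: it splits the webhook URL into its id and token (and decodes the creation time that Discord snowflake ids carry, a documented property of the id format), and it maps a constructed event trace onto the signature names used above. The registry paths (VirtualBox Guest Additions, VMware Tools, the BIOS description key, the Disk\Enum key), the browser profile file names and the IP-lookup hosts are my assumptions about how these checks are usually implemented; the report itself states only the behaviour, and the sample trace is constructed for the example.

```python
"""Triage helpers for a Mercurial Grabber-style report (added example; assumptions noted inline)."""
import re
from datetime import datetime, timezone
from urllib.parse import urlparse

# Webhook C2 taken from the report's "Malware Config" section.
C2_URL = ("https://discord.com/api/webhooks/873691851314561054/"
          "UYwGmk3xyBqSE9zsMIgFURABFSgGeD6cMRnK-oGpYaJjMfyNA9rtXKWKpHvsvahhEL_D")

# Discord webhook URL shape: /api/webhooks/<snowflake id>/<token>. The regex is an assumption
# based on the public Discord API layout, not something the report states.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{30,})$"
)

# Discord snowflake ids store milliseconds since 2015-01-01T00:00:00Z in the top 42 bits.
DISCORD_EPOCH_MS = 1420070400000

# Registry paths the report's behaviour signatures usually correspond to (assumed, see lead-in).
REGISTRY_INDICATORS = {
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions": "Looks for VirtualBox Guest Additions in registry",
    r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools": "Looks for VMWare Tools registry key",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": "Checks BIOS information in registry",
    r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum": "Maps connected drives based on registry",
}

# Chromium profile databases that hold saved logins, cookies and autofill data (assumed locations).
BROWSER_FILE_RE = re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$", re.IGNORECASE)

# Public IP-lookup services commonly contacted by stealers (assumed examples, not from the report).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com"}


def parse_discord_webhook(url):
    """Return (webhook_id, token) for a Discord webhook URL, or None if the URL is not one."""
    m = WEBHOOK_RE.match(url.strip())
    if not m:
        return None
    return m.group("id"), m.group("token")


def webhook_created_at(webhook_id):
    """Decode the creation time embedded in a Discord snowflake id (UTC)."""
    ms = (int(webhook_id) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def classify_events(events):
    """Map a list of {'type', 'target'} trace events onto the report's signature names."""
    hits = set()
    for ev in events:
        kind, target = ev["type"], ev["target"]
        if kind == "registry_read":
            for path, name in REGISTRY_INDICATORS.items():
                # Match the key itself and any value or subkey under it.
                if target.lower().startswith(path.lower()):
                    hits.add(name)
        elif kind == "file_read" and BROWSER_FILE_RE.search(target):
            hits.add("Reads user/profile data of web browsers")
        elif kind == "http":
            host = urlparse(target).hostname or ""
            if host in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
            if parse_discord_webhook(target):
                hits.add("Legitimate hosting services abused for malware hosting/C2")
    return hits


# Constructed trace for the example; not taken from the report.
SAMPLE_EVENTS = [
    {"type": "registry_read", "target": r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"},
    {"type": "registry_read", "target": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"},
    {"type": "registry_read", "target": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"type": "registry_read", "target": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0"},
    {"type": "file_read", "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "http", "target": "https://api.ipify.org/"},
    {"type": "http", "target": C2_URL},
]

if __name__ == "__main__":
    webhook_id, token = parse_discord_webhook(C2_URL)
    print("webhook id:", webhook_id, "created:", webhook_created_at(webhook_id).isoformat())
    print("token (redact before sharing):", token[:6] + "...")
    for name in sorted(classify_events(SAMPLE_EVENTS)):
        print("-", name)
```

The webhook id is the stable part of the IOC: the token can be rotated by the operator, but the id (and the creation time it encodes) identifies the channel the stealer posts to and is what to pivot on across samples. Blocking `discord.com` outright is rarely an option, so the practical network control is to alert on POSTs to `/api/webhooks/` from hosts that have no business using them.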

MITRE ATT&CK Enterprise v15

Tasks