Extracted

• • Target

    JaffaCakes118_b329f57c93e7b566651185a55962f0ec061b723be4535bc8cafc637ca4bff86b

  • Size

    306KB

  • MD5

    4b10970bc9f2471119555eed253b116b

  • SHA1

    60598f7dbacabea6d13507023631edc32c21e305

  • SHA256

    b329f57c93e7b566651185a55962f0ec061b723be4535bc8cafc637ca4bff86b

  • SHA512

    eed04da56031f93557c3469c5ccd2732512d78c8b5234b15277b7c2bf12e4f324ec3e41a70458aa61b85641cfb4757f128cc0896f2304f9b4e944fb66e672947

  • SSDEEP

    1536:aA3xRyBVXL2XTTF7En368YVLNXfiQ/EWku3gN31+9OB8fq5doMgDHeES9XJ4bFOk:XyBVXL8TTF7En3680Z6y3ikZSlzUF

  Score

  10^/10

  mercurialgrabberevasionspywarestealer

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber

  • Mercurialgrabber family

    mercurialgrabber

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1behavioral2