Extracted

• • Target

    Boostrapper.exe

  • Size

    42KB

  • MD5

    9971c94257cdafd71d672fccd82c9250

  • SHA1

    448d3a0ab283023990c817c574aae61416fda823

  • SHA256

    c9fca0f6efecacb6dd81bb0a65989d770cd467369159c9daf08ff59bdc1e051b

  • SHA512

    1827b5934655f9457a94bdc6f187190e3953c1b0afb2f644bafcfc9ca4b6625057b7f81569a9f5974da88ec170f7e99eac182715059772752d78c66a252b66fa

  • SSDEEP

    768:ZPSm4lMmcgmpxuZsLRqTjAKZKfgm3Eh1A:5AWpvLRqT0F7E/A

  Score

  10^/10

  mercurialgrabberevasionspywarestealer

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber

  • Mercurialgrabber family

    mercurialgrabber

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1