General

  • Target

    JaffaCakes118_037ce49f267667b679cbf2fb94001f28

  • Size

    4.0MB

  • Sample

    250106-alvqcszmaz

  • MD5

    037ce49f267667b679cbf2fb94001f28

  • SHA1

    b3f0b51f189a62f04817b37d428e8aef9f6b8e7e

  • SHA256

    9d37032e823df7f4a195dfbee978c3a9657dd9e658d6a1708922b3ba8e04675b

  • SHA512

    35779c857861dfc2cfcc57016a8cc1d60caf90eae31f3ab0cece943243eca983a13a8238375cbad499eceb395e841e8047330700775c592a3bee348d16a05160

  • SSDEEP

    49152:NExtvMTqVBGxMQg3Q3cX5C/wnvdAlPjcmYl0XzrT:A0TqnAX

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/874761712887300207/BmuphDWQjfFNAYHKgDrSKEZfCgrbPOvKYqgTtH0j7Fq8wKrMzpEHuiIW7H_YPhGUC74t

Targets

    • Target

      JaffaCakes118_037ce49f267667b679cbf2fb94001f28

    • Size

      4.0MB

    • MD5

      037ce49f267667b679cbf2fb94001f28

    • SHA1

      b3f0b51f189a62f04817b37d428e8aef9f6b8e7e

    • SHA256

      9d37032e823df7f4a195dfbee978c3a9657dd9e658d6a1708922b3ba8e04675b

    • SHA512

      35779c857861dfc2cfcc57016a8cc1d60caf90eae31f3ab0cece943243eca983a13a8238375cbad499eceb395e841e8047330700775c592a3bee348d16a05160

    • SSDEEP

      49152:NExtvMTqVBGxMQg3Q3cX5C/wnvdAlPjcmYl0XzrT:A0TqnAX

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open-source infostealer that targets Chrome, Discord and some game clients, and collects generic system information; this sample exfiltrates over the Discord webhook listed under C2 above.

    • Mercurialgrabber family

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other secrets the browser keeps in the user's profile directory.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
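
The signatures above describe behaviour, not detection logic; the following is an added example (not tria.ge code and not Mercurial Grabber code) of how an analyst might correlate the same behaviours from sandbox-style registry and network events. The `key=value|key=value` line format, the sample events and the process IDs are constructed for illustration; the registry paths are the standard locations of VirtualBox Guest Additions, VMware Tools, the BIOS strings, MountedDevices and the per-user Run key, and treating them as what the sandbox signatures key on is an assumption. The webhook URL is the one reported for this sample.

```python
"""Correlate VM-detection, persistence and Discord-webhook exfil from event lines.

Added example; not the sandbox's own rules and not the stealer's code.
Line format, sample events and PIDs are constructed; registry paths are
assumed to be what the sandbox signatures match on.
"""
import re

# (signature name, event types it applies to, field inspected, pattern)
RULES = [
    ("Looks for VirtualBox Guest Additions in registry", {"RegOpenKey", "RegQueryValue"}, "target",
     re.compile(r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions", re.I)),
    ("Looks for VMWare Tools registry key", {"RegOpenKey", "RegQueryValue"}, "target",
     re.compile(r"\\SOFTWARE\\VMware, Inc\.\\VMware Tools", re.I)),
    ("Checks BIOS information in registry", {"RegQueryValue"}, "target",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(?:System|Video)BiosVersion", re.I)),
    ("Maps connected drives based on registry", {"RegOpenKey", "RegQueryValue", "RegEnumValue"}, "target",
     re.compile(r"\\SYSTEM\\MountedDevices", re.I)),
    # Only a write to the Run key is persistence; reads of it are not flagged.
    ("Adds Run key to start application", {"RegSetValue"}, "target",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    # Assumed list of common IP-lookup services; the page does not name the one used.
    ("Looks up external IP address via web service", {"HttpRequest", "NetConnect"}, "host",
     re.compile(r"^(?:api\.ipify\.org|ipinfo\.io|icanhazip\.com)$", re.I)),
    ("Legitimate hosting services abused for malware hosting/C2", {"HttpRequest", "NetConnect"}, "host",
     re.compile(r"^discord(?:app)?\.com$", re.I)),
]

# Discord webhook URL: numeric webhook id followed by its token.
WEBHOOK_RE = re.compile(r"https://discord(?:app)?\.com/api/webhooks/(\d+)/([A-Za-z0-9_\-]+)")

# Evasion rules: the checks the stealer runs before deciding whether to continue.
EVASION_PREFIXES = ("Looks for", "Checks BIOS", "Maps connected")

# Constructed sample events (PIDs invented). pid 908 is a benign control.
SAMPLE_EVENTS = [
    "event=RegOpenKey|pid=4120|target=HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions",
    "event=RegOpenKey|pid=4120|target=HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools",
    "event=RegQueryValue|pid=4120|target=HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion",
    "event=RegQueryValue|pid=4120|target=HKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion",
    "event=RegOpenKey|pid=4120|target=HKLM\\SYSTEM\\MountedDevices",
    "event=RegSetValue|pid=4120|target=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
    "event=RegQueryValue|pid=4120|target=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
    "event=HttpRequest|pid=4120|host=api.ipify.org|url=https://api.ipify.org/",
    "event=HttpRequest|pid=4120|host=discord.com|url=https://discord.com/api/webhooks/"
    "874761712887300207/BmuphDWQjfFNAYHKgDrSKEZfCgrbPOvKYqgTtH0j7Fq8wKrMzpEHuiIW7H_YPhGUC74t",
    "event=RegOpenKey|pid=908|target=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
]


def parse_event(line):
    """Parse one 'key=value|key=value' line (constructed format) into a dict."""
    return dict(kv.split("=", 1) for kv in line.strip().split("|"))


def triage(lines):
    """Apply every rule to every event; group hits by signature and extract webhook IOCs."""
    hits = {}            # signature name -> set of pids
    per_pid = {}         # pid -> set of signature names
    webhooks = []
    for line in lines:
        ev = parse_event(line)
        pid = int(ev["pid"])
        for name, events, field, pat in RULES:
            if ev.get("event") in events and pat.search(ev.get(field, "")):
                hits.setdefault(name, set()).add(pid)
                per_pid.setdefault(pid, set()).add(name)
        m = WEBHOOK_RE.search(ev.get("url", ""))
        if m:
            webhooks.append({"id": m.group(1), "token": m.group(2)})
    evasion = [n for n in hits if n.startswith(EVASION_PREFIXES)]
    # A pid that both probes for a VM and talks to the abused hosting service is the one to chase.
    suspect = sorted(p for p, names in per_pid.items()
                     if any(n.startswith(EVASION_PREFIXES) for n in names)
                     and "Legitimate hosting services abused for malware hosting/C2" in names)
    return {
        "signatures": {n: sorted(p) for n, p in sorted(hits.items())},
        "sandbox_evasion_checks": len(evasion),
        "webhooks": webhooks,
        "suspect_pids": suspect,
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_EVENTS).items():
        print(f"{k}: {v}")
```

Two practical points follow from the correlation. The VM and BIOS checks run before any stealing, so if the sample finds VirtualBox or VMware artefacts it may simply exit and the browser-data and webhook signatures never fire; hide those keys or detonate on bare metal before concluding the sample is inert. And since discord.com cannot usually be blocked outright, the actionable IOC is the webhook ID (and token) rather than the host, which is what the `webhooks` field isolates for blocking and reporting.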

MITRE ATT&CK Enterprise v15

Tasks