Extracted

• • Target

    CompCrackCS2 hackvshack.net.exe

  • Size

    42KB

  • MD5

    cc282dac347859f02523b113fbf950df

  • SHA1

    b1f64bdf9dbaf5fd3a746a9061778e4c5f413266

  • SHA256

    5253fdc6e12e6e0f9c905a94a19b73aaab264cf4cc1095d49ef9b586774f6c5c

  • SHA512

    fc6fd485bfc884d7f593595a2918d8a4561e60c42d5af85a0f303e660cd78e8fd7e2367f5c8ad8ad628f4a5d5abc7edae4f4fb4345ef64a5cbc712af7ae5bb01

  • SSDEEP

    768:GYuoLvnDylOcVuZiLM0ATjdKZKfgm3EhFP:zjnD9c3LM0AT5F7E/P

  Score

  10^/10

  mercurialgrabberdefense_evasionspywarestealer

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber

  • Mercurialgrabber family

    mercurialgrabber

  • Looks for VirtualBox Guest Additions in registry

    defense_evasion

  • Looks for VMWare Tools registry key

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1behavioral2