General

  • Target: Xeno-v1.1.35-x64.zip

  • Size: 32KB

  • Sample: 250129-axgymsylgm

  • MD5: 6a28cd3be33586c3dcb2ac169003c548

  • SHA1: 2277437eaaee8d0815000476c8521cf73c4d7b2d

  • SHA256: 66ade287222cf2a4e9e71004621df90f588deac45c3dce68f8503cba9bdf8312

  • SHA512: c68527162b4f5174c36efb264a05cde04550707eed98d1dd16c7f8f20143475c6321f8db3b6cb9feafe357ed405ef6ba49d6b1f8616d03c404300c88d7a793be

  • SSDEEP: 768:IPthRD6YRXzvK44CX4Va0fWPXsX9lrjiXYl66Bl3QB:IPxOYRXzodV+PyBKM623c

Malware Config

Extracted

  • Family: mercurialgrabber

  • C2: https://discord.com/api/webhooks/1333893784458494094/VsXf64MEiiSt3WDbJfN18xkRlK1PMa25-mHBLhIAisvV_VxqhXkqWyNqnIvqYoFDLSu0

Targets

    • Target: Xeno-v1.1.35-x64/XenoV1.1.35.exe

    • Size: 68KB

    • MD5: 891b44dff823ec8ce1af4e3a2b346ffe

    • SHA1: f0c1b6380519bc5cdd9078bebd5a4ff9e488d95f

    • SHA256: 11861df8624b22cc941879ccc11624af0e1406b97d5f7bd45e4571858ca65d2b

    • SHA512: df537e1a18bb0306ccbb28ff2722718d3369b0b6d81cea76a52eceeb4e498ff9ca308eec7a2fbd78ef51a5ec27e77a06207bddadddcd71ce7352c2fb1a568701

    • SSDEEP: 768:kYV4lMmcgmpQuZZLwjTjRKZKfgm3EhIQyrf3XZOfdXc3AgqALMe5F6Oua:fAWp/LwjTVF7EmQwXZQ3gqAoGua

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open-source stealer that targets Chrome, Discord and some game clients, and also collects generic system information.

    • Mercurialgrabber family

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks