General

  • Target

    unbannedgg val cl3aner.exe

  • Size

    42KB

  • Sample

    250307-c62qhstkw5

  • MD5

    ddaca7ade8d5d4f1f2c1b8effa9e2e08

  • SHA1

    109429140514f86626d9307f2b3a988737030411

  • SHA256

    fefbb7e062fec0292c8c99654aae9b865f6d53742e39e7db1279b637feb1619d

  • SHA512

    14fd4aff9363afa5480095852304885ebfdfc60d6874cd647dd84846ce11c00868e94fad9b45fd8891619657b8a39a1c39f5bee6f73db19ccac58e011e430c29

  • SSDEEP

    768:h4Mrj8n817YkWgHi6uZbLQSTj9KZKfgm3Eh0o:dVtHinLQSTJF7EKo

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1347394180963635261/3yeSB0XzUxLp12KVb8L8cV-gibC8yJbxfQ_guUp41CqeAlFe5LHGeWui0W7HJVdU33Ot
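The extracted C2 is a Discord webhook, so the whole "C2" is an ID and a bearer token embedded in one URL. The following Python is an added triage helper, not part of the tria.ge report or of the Mercurial Grabber code: it pulls webhook URLs out of a strings dump, decodes the creation time encoded in the webhook's snowflake ID (bits 63..22 are milliseconds since the Discord epoch, 2015-01-01T00:00:00Z), and produces a defanged form without the token. The strings dump below is constructed; only the webhook URL is taken from this page.

```python
import re
from datetime import datetime, timezone

# Discord snowflake epoch: 2015-01-01T00:00:00Z, in milliseconds.
DISCORD_EPOCH_MS = 1420070400000

WEBHOOK_RE = re.compile(
    r"https?://(?:\w+\.)?discord(?:app)?\.com/api/webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[\w\-]+)"
)

# Constructed stand-in for `strings` output from the sample. The webhook URL is
# the one extracted on this page; the surrounding lines are made up.
SAMPLE_STRINGS = """
mscoree.dll
https://api.ipify.org
https://discord.com/api/webhooks/1347394180963635261/3yeSB0XzUxLp12KVb8L8cV-gibC8yJbxfQ_guUp41CqeAlFe5LHGeWui0W7HJVdU33Ot
Software\\Oracle\\VirtualBox Guest Additions
"""


def snowflake_to_datetime(snowflake: int) -> datetime:
    """Decode the creation timestamp carried in a Discord snowflake ID."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def extract_webhooks(text: str) -> list[dict]:
    """Find Discord webhook C2 URLs in text and enrich each one.

    Returns, per hit, the raw URL, the numeric webhook ID, the webhook's
    creation time (UTC, ISO 8601) and a defanged URL with the token removed
    so the indicator can be shared without handing out the bearer token.
    """
    hits = []
    for m in WEBHOOK_RE.finditer(text):
        wid = int(m.group("id"))
        hits.append({
            "url": m.group(0),
            "webhook_id": wid,
            "created_utc": snowflake_to_datetime(wid).isoformat(timespec="seconds"),
            "defanged": f"hxxps://discord[.]com/api/webhooks/{wid}/<token redacted>",
        })
    return hits


if __name__ == "__main__":
    for hit in extract_webhooks(SAMPLE_STRINGS):
        print(hit["webhook_id"], hit["created_utc"], hit["defanged"])
```

For this sample the decoded creation time falls on 2025-03-07, the same date carried in the sample ID prefix (250307-...), which suggests the webhook was set up shortly before the build was submitted. The token is part of the URL, so anyone holding the full URL can post to the webhook; that is why the defanged form drops it.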

Targets

    • Target

      unbannedgg val cl3aner.exe

    • Size

      42KB

    • MD5

      ddaca7ade8d5d4f1f2c1b8effa9e2e08

    • SHA1

      109429140514f86626d9307f2b3a988737030411

    • SHA256

      fefbb7e062fec0292c8c99654aae9b865f6d53742e39e7db1279b637feb1619d

    • SHA512

      14fd4aff9363afa5480095852304885ebfdfc60d6874cd647dd84846ce11c00868e94fad9b45fd8891619657b8a39a1c39f5bee6f73db19ccac58e011e430c29

    • SSDEEP

      768:h4Mrj8n817YkWgHi6uZbLQSTj9KZKfgm3Eh0o:dVtHinLQSTJF7EKo

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open-source stealer that targets Chrome, Discord and some game clients, as well as generic system information.

    • Mercurialgrabber family

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks