Extracted

• • Target

    84eb2c63dd363a740147908e0926d40eba7bbde57ee54759e43c667f6a1553dc.exe

  • Size

    42KB

  • MD5

    d50e6b03eadcf723526e7553ecc8a330

  • SHA1

    63887c4ccae831856040b02cf45033b523ea68ef

  • SHA256

    84eb2c63dd363a740147908e0926d40eba7bbde57ee54759e43c667f6a1553dc

  • SHA512

    76527773be283c7dc81ffea60fd632c68246d904c6c7b8ad22ca43bdffc5823e04f095c3b13ec844e097f804d940a64e576530b114df1c3b2da204b2caffdcf4

  • SSDEEP

    768:fqQ14KKqqI28Tj6rZDouZPLniTj4KZKfgm3Eh2W:S3NqH28TjQxLniTkF7EAW

  Score

  10^/10

  mercurialgrabberdefense_evasionspywarestealer

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber

  • Mercurialgrabber family

    mercurialgrabber

  • Looks for VirtualBox Guest Additions in registry

    defense_evasion

  • Looks for VMWare Tools registry key

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1behavioral2