General

  • Target

    citizen-scripting-lua54.dll

  • Size

    2.3MB

  • Sample

    250327-wmv86swtbs

  • MD5

    ea825479182f32a34268705e1c998aae

  • SHA1

    5cc5e2b6447557cfdbbbe2d1b0ace63867ac08eb

  • SHA256

    230fb7a0dfd5ab6a525debd919288854ffd057ecdd5a06558ce9f4041d2e0ea6

  • SHA512

    2a582a1d620508467df565d3cb6ede330511b53ec14272c42ca31c75f7249ea352a4cf8ef61a9102278e5549ea24f995cc4a0f6af9a418bf6d22d91ddcee0814

  • SSDEEP

    24576:0zKtOWrzbqebqaEc/tEpEKZaElF2KVemZvL9weeSmPvKvef0FmISPos+IleWgg3u:IWrzJbqaEc/ET229BLufVeW5v10j

Malware Config

Extracted

  • Family

    mercurialgrabber

  • C2

    https://discord.com/api/webhooks/973551191084662804/D_4dZcfg2Uv0yv6SPZwbdAD0my92GmrmmLnFxw3z-zdebeb6GpdZOtyhDnNlIFxiRvfN

Targets

    • Mercurial Grabber Stealer

      Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    • Mercurialgrabber family

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15