Extracted

• • Target

    2025-04-03_76ea72164dd28c5f3e8a1bc5f2762b5c_amadey_esfury_rhadamanthys_smoke-loader

  • Size

    3.5MB

  • MD5

    76ea72164dd28c5f3e8a1bc5f2762b5c

  • SHA1

    8ce5f0888f5368c091107e9ba77cfc42e0c5f8df

  • SHA256

    aff971e3e4484669c73c912ab3fed84dab8b9ce036d0ac717abe2fbf176276e1

  • SHA512

    42160cf01c583aac9a8280f20eda925cf14588c71bd1c17997bded1618c0901d2f1d03e7ea926458f5abac7a30222f394e78c34e00103d9303acebd4aa06090b

  • SSDEEP

    98304:6kkjozJ9/im8XVBKl6t1buVfRhq+5tXzgCa/TY:68zJpjS346t1bIfuq07

  Score

  10^/10

  mercurialgrabberagilenetdefense_evasiondiscoveryspywarestealerupx

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber

  • Mercurialgrabber family

    mercurialgrabber

  • Looks for VirtualBox Guest Additions in registry

    defense_evasion

  • Looks for VMWare Tools registry key

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1