General
-
Target
Synapse_X.exe
-
Size
306KB
-
Sample
220208-ctdsxscbcn
-
MD5
4b10970bc9f2471119555eed253b116b
-
SHA1
60598f7dbacabea6d13507023631edc32c21e305
-
SHA256
b329f57c93e7b566651185a55962f0ec061b723be4535bc8cafc637ca4bff86b
-
SHA512
eed04da56031f93557c3469c5ccd2732512d78c8b5234b15277b7c2bf12e4f324ec3e41a70458aa61b85641cfb4757f128cc0896f2304f9b4e944fb66e672947
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/938829853707358228/GQ_fqwKcxJ8YNvJz6lIzbc99R2g0jdMT2WXyMUJx0ho6uumX8O1iBN9YC5VR8cJFbaNk
Targets
-
-
Target
Synapse_X.exe
-
Size
306KB
-
MD5
4b10970bc9f2471119555eed253b116b
-
SHA1
60598f7dbacabea6d13507023631edc32c21e305
-
SHA256
b329f57c93e7b566651185a55962f0ec061b723be4535bc8cafc637ca4bff86b
-
SHA512
eed04da56031f93557c3469c5ccd2732512d78c8b5234b15277b7c2bf12e4f324ec3e41a70458aa61b85641cfb4757f128cc0896f2304f9b4e944fb66e672947
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-