General
-
Target
SynapseXCracked.exe
-
Size
46KB
-
Sample
221213-jv3a8sgh91
-
MD5
8809226e42c92dc68736a715a98bc7e1
-
SHA1
ebe96f36e53b0fd3b2d102e748764229fe0b1387
-
SHA256
016e468dcb9c8b349ea88e51564c90414e6f9dbab669d4664160fd252d6c7709
-
SHA512
296a7a71a1373f936dd301890b32f00f5dbe0fae8b7e52657bc1ecf92cc317e0e046a7ec77c6ce23e3e9a468e2837367a0d74dc32dd57f42ebdff0355d42a3cf
-
SSDEEP
768:0Tf/dGAYt7RRHCOuZLLpXTjvKZKfgm3EhmsR:0TX2pRRHCbLpXTbF7EIs
Behavioral task
behavioral1
Sample
SynapseXCracked.exe
Resource
win10-20220901-en
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/869758722644250624/RXmyKRDD8oo2DW2avV8b-C6-SKCT0VfycPLDWPdptVh3MWm7wubyWIaAWUm7Yhfe-QDK
Targets
-
-
Target
SynapseXCracked.exe
-
Size
46KB
-
MD5
8809226e42c92dc68736a715a98bc7e1
-
SHA1
ebe96f36e53b0fd3b2d102e748764229fe0b1387
-
SHA256
016e468dcb9c8b349ea88e51564c90414e6f9dbab669d4664160fd252d6c7709
-
SHA512
296a7a71a1373f936dd301890b32f00f5dbe0fae8b7e52657bc1ecf92cc317e0e046a7ec77c6ce23e3e9a468e2837367a0d74dc32dd57f42ebdff0355d42a3cf
-
SSDEEP
768:0Tf/dGAYt7RRHCOuZLLpXTjvKZKfgm3EhmsR:0TX2pRRHCbLpXTbF7EIs
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-