mercurialgrabber | 016e468dcb9c8b349ea88e51564c90414e6f9dbab669d4664160fd252d6c7709 | Triage

Submit
Reports

Overview

overview

Static

static

SynapseXCracked.exe

windows10-1703-x64

Sharing

General

Target

SynapseXCracked.exe
Size

46KB
Sample

221213-jv3a8sgh91
MD5

8809226e42c92dc68736a715a98bc7e1
SHA1

ebe96f36e53b0fd3b2d102e748764229fe0b1387
SHA256

016e468dcb9c8b349ea88e51564c90414e6f9dbab669d4664160fd252d6c7709
SHA512

296a7a71a1373f936dd301890b32f00f5dbe0fae8b7e52657bc1ecf92cc317e0e046a7ec77c6ce23e3e9a468e2837367a0d74dc32dd57f42ebdff0355d42a3cf
SSDEEP

768:0Tf/dGAYt7RRHCOuZLLpXTjvKZKfgm3EhmsR:0TX2pRRHCbLpXTbF7EIs

Score

10^/10

mercurialgrabber evasion spyware stealer

Static task

static1

mercurialgrabber

1 signatures

Behavioral task

behavioral1

Sample

SynapseXCracked.exe

Resource

win10-20220901-en

mercurialgrabber evasion spyware stealer

windows10-1703-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/869758722644250624/RXmyKRDD8oo2DW2avV8b-C6-SKCT0VfycPLDWPdptVh3MWm7wubyWIaAWUm7Yhfe-QDK

Targets

- Target
  
  SynapseXCracked.exe
- Size
  
  46KB
- MD5
  
  8809226e42c92dc68736a715a98bc7e1
- SHA1
  
  ebe96f36e53b0fd3b2d102e748764229fe0b1387
- SHA256
  
  016e468dcb9c8b349ea88e51564c90414e6f9dbab669d4664160fd252d6c7709
- SHA512
  
  296a7a71a1373f936dd301890b32f00f5dbe0fae8b7e52657bc1ecf92cc317e0e046a7ec77c6ce23e3e9a468e2837367a0d74dc32dd57f42ebdff0355d42a3cf
- SSDEEP
  
  768:0Tf/dGAYt7RRHCOuZLLpXTjvKZKfgm3EhmsR:0TX2pRRHCbLpXTbF7EIs
Score

10^/10

mercurialgrabber evasion spyware stealer
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberevasionspywarestealer

© 2018-2024

Terms | Privacy