General
Target: Nighty Cracked.exe
Size: 12.9MB
Sample: 230812-15979seh63
MD5: 9deb311c3dcba25f8137fc9899ea53d9
SHA1: 0df439e5a81bcc9ad2a16d355e162e2e1a924677
SHA256: f139b4bfb6083201640fa4350b3adf07884481575950a6a2fd7ec163cebbbd6b
SHA512: 1df19ac36c6584f49868e6934afe3c284e854b1163725a4d84e14aa98c8e67a986bb8b286973a7f45e062f63f833a9491fa3e46e714d0b7d1c19ee9aa4221360
SSDEEP: 393216:5nlwFYPkCJvB+w45/rTwev60NeZGwLLy0kQNVZry7Y/:xcYs6vcwk3lxNeYELySTm
Static task: static1
Behavioral task: behavioral1
Sample: Nighty Cracked.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted: asyncrat
1.0.7
Default
DcRatMutex_corrupts
delay: 1
install: true
install_file: Runtime Broker.exe
install_folder: %AppData%
Extracted: mercurialgrabber
https://discord.com/api/webhooks/882066246785462322/M-e55CAAMmbFyki7oPLKbuFqpnhbQfcdBg0v5RgtKNAxL2iUcS1GmM0ncXf_s9i65KBD
Targets
Target: Nighty Cracked.exe (same file as under General)
Size: 12.9MB
Signatures:
Mercurial Grabber Stealer: Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
Async RAT payload
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of NtSetInformationThreadHideFromDebugger