General
-
Target
SynapseX.exe
-
Size
162KB
-
Sample
240906-aeyhnswdke
-
MD5
9f0f9363f4af30834830f79e6f4b106d
-
SHA1
fe1c65aee19fdb22e01ef6b8085e9ef7f129a198
-
SHA256
31dbefdd19d9ed9d055841fba2677de2a4cc70085b0684398b36a03d542d402a
-
SHA512
85b9475811a88ee3b3210a81ee921a0e57c715fc86cc9e4e1ca53f2d0413ca68f31fe7af9706ac18282e4f1c6a4fa2c3df03d02a3aeda20dd44dcb6d32bd1645
-
SSDEEP
3072:CCAeqTJF7ExgiVY8sBSPxCn7ksSKn/H+:DA+8+C7dSWv+
Malware Config
Extracted
mercurialgrabber
https://discordapp.com/api/webhooks/919253082930561024/1ZkyHALR4HtVMamDsSo-GHiRzv_ZdttSm1dB3hEFn814XR0ZI9vUjPFpkcrUkoXxQ7nt
Targets
-
-
Target
SynapseX.exe
-
Size
162KB
-
MD5
9f0f9363f4af30834830f79e6f4b106d
-
SHA1
fe1c65aee19fdb22e01ef6b8085e9ef7f129a198
-
SHA256
31dbefdd19d9ed9d055841fba2677de2a4cc70085b0684398b36a03d542d402a
-
SHA512
85b9475811a88ee3b3210a81ee921a0e57c715fc86cc9e4e1ca53f2d0413ca68f31fe7af9706ac18282e4f1c6a4fa2c3df03d02a3aeda20dd44dcb6d32bd1645
-
SSDEEP
3072:CCAeqTJF7ExgiVY8sBSPxCn7ksSKn/H+:DA+8+C7dSWv+
Score10/10-
Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1