66268aed698f7adae7052da5ed7732545a9ec12a206e9a04585e5f8f89620e38 | Triage

Resubmissions

12/01/2023, 18:02

230112-wmhcbacg3y 9

11/01/2023, 21:35

230111-1fb9yaad3x 9

Sharing

Copy URL Twitter E-mail

General

Target

Synapse X.exe
Size

1.1MB
Sample

230111-1fb9yaad3x
MD5

0f2fdcdf9c38f7bd4dd7a50495fec1c1
SHA1

54cddd6dceef2b5d7f11b4d9a5606586ddae8dfd
SHA256

66268aed698f7adae7052da5ed7732545a9ec12a206e9a04585e5f8f89620e38
SHA512

6fbe09d840c1dcafcbc949a0a35d20615abab7ae0453a6930ccf379539c996481d0d5922f5b79581afa3630807ff83331edabc6dfb160bac2176f816662490c8
SSDEEP

12288:x/kTcGtQyWa+e9+/mxAv6VS8dRsSt+B47fbDuOGPsfVmm6ZbrAUvfOWZH+kT:x/ZSQyvp+/m6v6Q8dRD5etc6ZbXfOWZ

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  Synapse X.exe
- Size
  
  1.1MB
- MD5
  
  0f2fdcdf9c38f7bd4dd7a50495fec1c1
- SHA1
  
  54cddd6dceef2b5d7f11b4d9a5606586ddae8dfd
- SHA256
  
  66268aed698f7adae7052da5ed7732545a9ec12a206e9a04585e5f8f89620e38
- SHA512
  
  6fbe09d840c1dcafcbc949a0a35d20615abab7ae0453a6930ccf379539c996481d0d5922f5b79581afa3630807ff83331edabc6dfb160bac2176f816662490c8
- SSDEEP
  
  12288:x/kTcGtQyWa+e9+/mxAv6VS8dRsSt+B47fbDuOGPsfVmm6ZbrAUvfOWZH+kT:x/ZSQyvp+/m6v6Q8dRD5etc6ZbXfOWZ
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1