General
Target: synapse-v2-launcher-12-5-22.zip
Size: 80.3MB
Sample: 230423-trvgbsgb2t
MD5: 9e0aeab6cb22ef80c202fab5181b8a2d
SHA1: 6177bc2b7e233a04153dcdfef59276f88100ce30
SHA256: 4a0f85cd7c39f90298bd752547765b58f7823cadd424c9f3ae54235bb894af35
SHA512: a622aabb0b8e9192df0c5bb57a3ccb80a87ef33d8bd23ff97481f1055c9d5bc2bfca11c394dcae46d0c44ff0bb5a0ecbb3203fda608f0623455f1608c233685c
SSDEEP: 1572864:3DWCwerG4hPvcfaaW1NnHdnpgHUjEWOceVE0SOBSOddN:3D3weyIAaJnHdnp4UgWFeVE0SOBSOdX
Behavioral task
behavioral1
Sample: synapse-v2-launcher-12-5-22/Synapse Launcher.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
quasar
1.4.1
Client Server Runtime Process
botnetps.ddns.net:7788
73a7a3ae-9e7f-4634-9425-80eaaded0637
encryption_key: 86012C170FF838996242C2B7E10C4FB0D28A8729
install_name: RobloxStudioLauncherBeta.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Update
subdirectory: Roblox
Targets
Target: synapse-v2-launcher-12-5-22/Synapse Launcher.exe
Size: 3.2MB
MD5: 5097864cd52044cbdfa58a285584a78e
SHA1: 605bc1cd0a166ddff86216ac884cd3cb7b1ae007
SHA256: 6529401bd18baaa7666ac93568a0f729eb5ac129ad7df7156fc48f3e1d697609
SHA512: 1da88117994322e65f38bf02d4955513d882d7ff2d9c1cdb776eb95689a4ecb412af25f155fc0bf5704751dd2d29b4a2c441529d0d8543d1c48716f29bb4641b
SSDEEP: 49152:4vjlL26AaNeWgPhlmVqvMQ7XSKIgRJ6YbR3LoGdcuTHHB72eh2NT6:4vZL26AaNeWgPhlmVqkQ7XSKIgRJ6yv
Score: 10/10
Quasar payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE