52ab2c2ff02a1f69ce5cbbe17b4c98ee62f37b1507c14b4574da012a2e3eb5d7 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

RazerSynapse_JC.exe

windows7-x64

9

RazerSynapse_JC.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

RazerSynapse_JC.exe
Size

5.6MB
Sample

230901-wmlpqsgd9t
MD5

28833c2c2f11d7f5bf184ba75e5fe85d
SHA1

c37c2c32e980facf98f1c1a756eb1d6f48817e8f
SHA256

52ab2c2ff02a1f69ce5cbbe17b4c98ee62f37b1507c14b4574da012a2e3eb5d7
SHA512

6198ecb271be29b9e8bb91d4c0a8a88d738472456fea497aec3d56d5ddbbdbb85fc9a549b6f196314ed93cf288465a117577db58f43e7feca3b273f3bd13b011
SSDEEP

98304:2bY0k0m1Ckswpguw85fj4hBb1OSFAFllTSPE2Zap9uLHlpNTo84aRoSDb:2brE12Wgu/8OuAFllT7em9oHlpxdg

Score

9^/10

evasion pyinstaller upx vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

RazerSynapse_JC.exe

Resource

win7-20230831-en

evasion vmprotect

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

RazerSynapse_JC.exe

Resource

win10v2004-20230831-en

evasion pyinstaller upx vmprotect

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  RazerSynapse_JC.exe
- Size
  
  5.6MB
- MD5
  
  28833c2c2f11d7f5bf184ba75e5fe85d
- SHA1
  
  c37c2c32e980facf98f1c1a756eb1d6f48817e8f
- SHA256
  
  52ab2c2ff02a1f69ce5cbbe17b4c98ee62f37b1507c14b4574da012a2e3eb5d7
- SHA512
  
  6198ecb271be29b9e8bb91d4c0a8a88d738472456fea497aec3d56d5ddbbdbb85fc9a549b6f196314ed93cf288465a117577db58f43e7feca3b273f3bd13b011
- SSDEEP
  
  98304:2bY0k0m1Ckswpguw85fj4hBb1OSFAFllTSPE2Zap9uLHlpNTo84aRoSDb:2brE12Wgu/8OuAFllT7em9oHlpxdg
Score

9^/10

evasion vmprotect pyinstaller upx
- Looks for VirtualBox Guest Additions in registry
  evasion
- Downloads MZ/PE file
- Stops running service(s)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionvmprotect

behavioral2

evasionpyinstallerupxvmprotect

© 2018-2025

Terms | Privacy