vanillarat

General

Target

SynapseFromWish.zip
Size

4.1MB
Sample

230912-kdswxaeh36
MD5

5925765f102fcd65fc8205d7a4bec306
SHA1

23e32ec67c3df880e4e9d97425d5f8584c88b3a6
SHA256

4cf43fb3fd0c9512573a0f601f74101816706cc5e71470ab84e106cf29cbf589
SHA512

1cc3967f1c681daceee92289ac9812e5a38a5e2c0f792223da17a3c9f8f1de5928175173293608d4a8645cd3578746534c9ec68fd0fc51f26b157c9c0e90915f
SSDEEP

98304:9y3AoidSnb3St1AVqP/i9a7RfQqMT+rgNm/MutwidM67ipmZwM6/BOVaob6:9gAojmt1oqP/Aa7Kh+rQmlfu6umZi4VU

Score

10^/10

Malware Config

Targets

- Target
  
  SynapseFromWish/injector.exe
- Size
  
  114KB
- MD5
  
  311b5c55bcd7a7bf987d264a3904770e
- SHA1
  
  7df136430c19887e24cff480d6346dc9e75d2029
- SHA256
  
  680d7600e0985ce1ec135784b11cf8eef62d4e6dcb540ccc082e339dffa89504
- SHA512
  
  686a8041c9c1edb40e86439052813e78dab7b86e6d02b35268cf65780046ba164d3a26481c34247beac9c4518e4f69ceb5228e9f7af378ad83a5449e9573b271
- SSDEEP
  
  3072:vgZApdYrD28fbJB2yLtyTQbjjxK3QdjrxivW+DXnH4vymbsF1Y:v/pe1J0QbXtrxivW+D34v4
Score

10^/10

vanillarat persistence rat
- VanillaRat
  VanillaRat is an advanced remote administration tool coded in C#.
  rat vanillarat
- Vanilla Rat payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  SynapseFromWish/release-v2.exe
- Size
  
  6.1MB
- MD5
  
  f7acd0852bb12402618146b0d16f354e
- SHA1
  
  211e1174154435cf731ffd70c69cc9050f924174
- SHA256
  
  02131c1bff27d6b1d89013f963095a425a32f8506e69799e7087554461bbbd9d
- SHA512
  
  6dee8dcc59d0ac59728c7750cba5c570797e91cd39755c4b910c95ee0dfb3b0e1c69d954970a3638ded9ec411927226c2468adc39471671ea7f96ebe402298cc
- SSDEEP
  
  196608:pNsMnreFZyDr0jUSCYKdY0ZVeQ+KMm6XOeRJpyrMS0kRkZ0YezmEse7IBWc7pH9K:pyc7/Zd31VC7WcVHdPa4c15D
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  SynapseFromWish/start.bat
- Size
  
  52B
- MD5
  
  e078b3e0a3e8e4991e860eb41291c825
- SHA1
  
  29c7490038d188305c873d95794bb09a10c8e3fb
- SHA256
  
  5efe557c07c98300d0bd0b153f8e788cbbd26c25aa9eeef93848a2137bbf0782
- SHA512
  
  5881c68f281b2ab61a682b3bdf873aa2eb78f2f2dbdc7ae9a8317f6e9b2a6dc73c50c29af7d2d678f705b464985801bd6d9d7b58441cb9897d6fa851e4d9fc91
Score

10^/10

vanillarat persistence rat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VanillaRat
  VanillaRat is an advanced remote administration tool coded in C#.
  rat vanillarat
- Vanilla Rat payload
  rat
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral5 behavioral6