General
Target: syncthingtray-1.4.8-x86_64-w64-mingw32.exe.zip
Size: 25.3MB
Sample: 231118-xwbrkagc5y
MD5: b104109ae27eb922ba01695c55214595
SHA1: 9b06152781955f82bae75f49f1d040ffd241a24e
SHA256: 8aa8b2613db4d06a19bbf89bf785de3859e05606441b94b3d7a3586f6aba16c0
SHA512: 8b9b2cc1f878fdb8083bc7a58b822c76159b7052a0555b53f10fd03640dcf137b92ef5c6882f68e59d7248b9bf598b371e276d3934bdeff47bd7de007605bfbf
SSDEEP: 786432:jpCFwas8W+aLnY+FD8Ph2oThjOsCk8NG7vsop:jkT7sNoFDCkW0s0
Static task: static1
Behavioral task: behavioral1
Sample: syncthingtray-1.4.8-x86_64-w64-mingw32.exe
Resource: win10v2004-20231023-en
Malware Config
(none)

Targets
Target: syncthingtray-1.4.8-x86_64-w64-mingw32.exe
Size: 56.6MB
MD5: 6f8fa5765d431502e9263353be39182f
SHA1: 96fd5a5ec540c2288a3c0ff633d116f17ca9bc78
SHA256: 49cab04a347bbf5e2ab5bdea91a7587532119758d021b8ba6176da9b743f26bd
SHA512: ba35e3ea5dd980d0b1017db09aa8a9dedec16cf1c4cca5a3b19d441fd2f7a24630925e27e43fbde81eefca8da052e0dfa1622c8ba43786c559313f0bad1f3d88
SSDEEP: 393216:ugl/Oo5HuoKomeTyPOEzglOX/j7sZ/WU21gsn1NFJ0T/8BcfxMOKFdu9CwJsv6tY:ug9FHuxo2PO08OX/jIUN1gGN0/qmMZL
Score: 7/10

Signatures
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Unexpected DNS network traffic destination: Network traffic to servers other than the configured DNS servers was detected on the DNS port.
Adds Run key to start application
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)