Overview

overview

8

Static

static

3

syncthingt...32.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    syncthingtray.rar

  • Size

    40.4MB

  • Sample

    231118-yr1essgd5s

  • MD5

    a0b5b9aedb9ca4d05d1b681fa104a624

  • SHA1

    eb6694d20ddf971a4b0c4bbfd8e3e8cc6af01690

  • SHA256

    54dc5d3fdf5d2b41424d6ff2b18fd9c695e618a3700380030534eb77745f55b4

  • SHA512

    d64a0ae91a2cf5258056df61a7991f33ffcb3fd92b771d7b10d4182e3e104f92e8e51dc24f9cc87bb4d3607cfc010b6281e54d0f0d29c1677daa92f23e930ca7

  • SSDEEP

    786432:LJaNegHwpoYiP0u/M9zR4OuX/z3bvsxMyIlxUPAcfMZCpml+dWsmTZhqC:kNegE7+0u/M1R4z3bESyKYA8pKiWsmTh

Score
8/10
discoverypersistence

Malware Config

Targets

    • Target

      syncthingtray-qt5-1.4.8-x86_64-w64-mingw32.exe

    • Size

      55.2MB

    • MD5

      b97591c58aab500cd43cf097f16deae5

    • SHA1

      73cd60c3fa04d62f515233fc112224ee7c9796a6

    • SHA256

      a527d8a6a86265bd87aaf17645731f3c34813ec91c715c8be72db42b12daf275

    • SHA512

      fed8e6986f94c90015ef0d39a462c07535eacfb716b81401cacd9c3ec773157c4cbfdea29763b070e985d1b4de73c18f74985210ab29809e688fe2c8a4b54de9

    • SSDEEP

      393216:/Tac307wDI5E92fEWW/JIgxtduw6LxdbiMXmWkqh31NFJ0T/8RckHJsv6tWKFduF:ba807wX92cWQqgjEHdN0/G7agI

    Score
    8/10
    discoverypersistence

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks