Resubmissions

  • 12-05-2024 04:36  240512-e8aqxsca79  6
  • 12-05-2024 04:26  240512-e2tkfsbf56  9
  • 12-05-2024 04:22  240512-ezqqsabe56  10
  • 12-05-2024 04:18  240512-ewyxzsbd26  8

General

  • Target: Synapse.exe
  • Size: 17.5MB
  • Sample: 240512-ezqqsabe56
  • MD5: 0c015a50850cec3d831b97980180b73b
  • SHA1: 3a95c7334e446975d3d22a753075f4941a00177c
  • SHA256: fb025a0aa34315c3287c087cc598598732f8e96cbcba4cd5ea2d728a270e5467
  • SHA512: 47f49f646f0141f0f5cba08269ef3780f2e1d85707f32b94c363c208af827b82c0e1d98355da1e0240cb93eca6d3337b382db84a549ba93759bb719383eb2e84
  • SSDEEP: 393216:pv90+5gDTj5L1V8dXurEUWjsrfTbEkPKkvbuK+x:l9PkNRkdb8fTbIkSK+

Malware Config

Targets

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks