General

  • Target

    Synapse X Launcher.exe

  • Size

    3.2MB

  • Sample

    240513-mf2b6sbb82

  • MD5

    3854a6572a9a5a25bccbd13664713915

  • SHA1

    b7c3ca681c1dcb328113c5966bbd96aed541ae64

  • SHA256

    6c4367e763852b7afe852905e9d7baba18ac33c1e4eaf8370350824fb3ffce86

  • SHA512

    80fb1425c57d7984da87349efdc0c4508296b58548e62ee4743215edd1058818154cb1207b95ec74299c7b61953f19f71c6ab0d325126efd21d8c5749ad69452

  • SSDEEP

    49152:pvblL26AaNeWgPhlmVqvMQ7XSKB/RJ6UbR3LoGdM+THHB72eh2NTgj:pvBL26AaNeWgPhlmVqkQ7XSKB/RJ6e

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Windows Update

  • C2

    espinyskibidi-29823.portmap.host:29823

  • Mutex

    a94ba996-69af-4720-85e6-f4929c5eb0f8

  • Attributes

      • encryption_key

        6F721445F7E0B1CF58980D84A9D49F4458D4EFD9

      • install_name

        Update.exe

      • log_directory

        Logs

      • reconnect_delay

        3000

      • startup_key

        Windows Update Startup

      • subdirectory

        Windows Update

Targets

    • Target

      Synapse X Launcher.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Drops file in System32 directory
