6b6b1a42b93d9f5ff75f177d5e34dcb32c6aa6cea86b0f3b6d7671440348c1ca

General

Target

S^X.rar
Size

17.1MB
Sample

240516-agh6rsbe73
MD5

02527e0d6f69cf0b9445adcb49b8641e
SHA1

6968d986078e4e4f5d32cf0a7ef68d395612e431
SHA256

6b6b1a42b93d9f5ff75f177d5e34dcb32c6aa6cea86b0f3b6d7671440348c1ca
SHA512

a7a9798ba85dc81da08df712e84926d14d985ab6b241c3b33ad7af3117790c5c135bd466473f8e555efa99fa8187a7e8757595d3b500c9b5d11a71740052ffad
SSDEEP

393216:3EB4W07/rD6xP8Kt2rFYxD8cL4MEpjyNiIk/Sh9DA3fu:5DvI2rFYxDfEMEa7DA3fu

Score

8^/10

Malware Config

Targets

- Target
  
  S^X/synapse/synapse-v2.exe
- Size
  
  9.6MB
- MD5
  
  972a364bb9707da9a45f82915fa84b45
- SHA1
  
  abda7d54a96b4ea0382126316a5259cd269e9435
- SHA256
  
  d674cd5a9d55433496f530f37cc0085ff89ce66b6c118b0791a6dbb1c9a692ab
- SHA512
  
  b59f5cbb30cb86798d6772c541f598afa2715dec8e96f2577b3dae10e15cbd4260298c3210926325030ab640144bf136a6e39161c2792e6167ef489a9973e8cb
- SSDEEP
  
  98304:uYKw+W6kPBiJOmzPx0NEzB5rEVZqFgwC735:abW6kYgUx0NEV54VMC735
Score

8^/10

execution persistence spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2