General

  • Target

    SynapseX.revamaped.V1.3.rar

  • Size

    659KB

  • Sample

    240520-r53nrafa9t

  • MD5

    25e767f22f576a1187ca297428a909b3

  • SHA1

    a6ad4d278d09e0ecab07d095e996c91e9afb3b18

  • SHA256

    13f63c65ac270ce6d8f462791b1bb0ca64b8f7000f230b1c2ade64db617c5eac

  • SHA512

    37e4e4dd2d0c03d00f7afb024406f7445142b82f24648da287ef9008805af6b083223e9d0a34fa343bf5dc0300c701f71151eebe9be459157daf10d0d5275689

  • SSDEEP

    12288:aPSH3BnY7Y78MKc1yLt6OX2CqsfcTJalg7BBU0g+6qBeS02xdJXWhd3cEx5sCB94:ASH3qcqc1yRxtqW4alg7vgpj2zJmhdMx

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

192.168.1.219

Mutex

131313131323

Attributes
  • delay

    1000

  • install_path

    temp

  • port

    1234

  • startup_name

    Windows Client

Targets

    • Target

      SynapseX.revamaped.V1.3.rar

    • Size

      659KB

    • MD5

      25e767f22f576a1187ca297428a909b3

    • SHA1

      a6ad4d278d09e0ecab07d095e996c91e9afb3b18

    • SHA256

      13f63c65ac270ce6d8f462791b1bb0ca64b8f7000f230b1c2ade64db617c5eac

    • SHA512

      37e4e4dd2d0c03d00f7afb024406f7445142b82f24648da287ef9008805af6b083223e9d0a34fa343bf5dc0300c701f71151eebe9be459157daf10d0d5275689

    • SSDEEP

      12288:aPSH3BnY7Y78MKc1yLt6OX2CqsfcTJalg7BBU0g+6qBeS02xdJXWhd3cEx5sCB94:ASH3qcqc1yRxtqW4alg7vgpj2zJmhdMx

    Score
    10/10
    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      SynapseX revamaped V1.3/Synapse X Installer.exe

    • Size

      43KB

    • MD5

      769aad21a347b7576895910e55970390

    • SHA1

      36831993993050af72ea201cfa6ebc4726860e56

    • SHA256

      72e0f8bf690b647ae965d9a99f89c4f04c3b9500aac53f2a3fd376a2546b287a

    • SHA512

      9bb36a376f0b3e8a26a813f1054bf92a9ca737bd9eb96403d28b4edb81c361408a058e5ccefda3e44bbf4943d9799203665161b02394d35a05faa20851f670a5

    • SSDEEP

      768:d/jqPyqisr4dGirXAHg5rbWDdJwtZ69e7Sd/bDXNJb7bTDa/o1IV27C1:tNqwohJKZ69eKjBJb7bT2o1IgC1

    Score
    10/10
    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      SynapseX revamaped V1.3/auth/internal/3132e54eb7c.bin

    • Size

      2B

    • MD5

      f3b25701fe362ec84616a93a45ce9998

    • SHA1

      d62636d8caec13f04e28442a0a6fa1afeb024bbb

    • SHA256

      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

    • SHA512

      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

    Score
    3/10
    • Target

      SynapseX revamaped V1.3/bin/OoxIi8qtt.exe

    • Size

      1.1MB

    • MD5

      a48d6b525da2501d8ec661f2f2f1b0e8

    • SHA1

      5737e465e5ffbed6b51e6775b5e05b5769f89e6b

    • SHA256

      a6e52cc20913ae168b7dcbb923ea8cd7bdda93e43399ec22a85dabfab14ddf3a

    • SHA512

      3cf1d6acbf1a3c3e99739af505b57aef7e8db5a2a84db2310c1d6490a097e11065510d2aaaac6ea71fd226b421d87be216993528e245e0bdee9b6000e68e32ab

    • SSDEEP

      24576:5EvX2R7XLISXF8ElQlt8K9MlOZNsST2R7:qvX2VLIS2Jt89LST2

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks