xenorat | SynapseX[.]revamaped[.]V1[.]3[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

SynapseX.revamaped.V1.3.rar
Size

659KB
MD5

25e767f22f576a1187ca297428a909b3
SHA1

a6ad4d278d09e0ecab07d095e996c91e9afb3b18
SHA256

13f63c65ac270ce6d8f462791b1bb0ca64b8f7000f230b1c2ade64db617c5eac
SHA512

37e4e4dd2d0c03d00f7afb024406f7445142b82f24648da287ef9008805af6b083223e9d0a34fa343bf5dc0300c701f71151eebe9be459157daf10d0d5275689
SSDEEP

12288:aPSH3BnY7Y78MKc1yLt6OX2CqsfcTJalg7BBU0g+6qBeS02xdJXWhd3cEx5sCB94:ASH3qcqc1yRxtqW4alg7vgpj2zJmhdMx

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

192.168.1.219

Mutex

131313131323

Attributes

delay
1000
install_path
temp
port
1234
startup_name
Windows Client

Signatures

Xenorat family
xenorat

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/SynapseX revamaped V1.3/Synapse X Installer.exe
unpack001/SynapseX revamaped V1.3/bin/OoxIi8qtt.exe

Files

SynapseX.revamaped.V1.3.rar
.rar
SynapseX revamaped V1.3/Synapse X Installer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SynapseX revamaped V1.3/auth/internal/3132e54eb7c.bin
SynapseX revamaped V1.3/bin/OoxIi8qtt.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 949KB - Virtual size: 948KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 41KB - Virtual size: 40KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 949KB - Virtual size: 948KB

.rsrc Size: 147KB - Virtual size: 147KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 949KB - Virtual size: 948KB

.rsrc
Size: 147KB - Virtual size: 147KB

.reloc
Size: 512B - Virtual size: 12B