Resubmissions

28-05-2024 02:35

240528-c3cl8acg65 10

28-05-2024 02:34

240528-c2ncbsbe8y 10

General

  • Target

    SynapseX.Revamped.V1.5.rar

  • Size

    6.9MB

  • MD5

    358e3fc465a47e440775cd04fe9e9650

  • SHA1

    c0dea173ba12149b325de5831c2e08d8c3ff7b21

  • SHA256

    8739b236fb674c2c3516bc43ecf4b6583ea22ca0d4b2fe417b6223d654d52011

  • SHA512

    1a8dad583487280053ec13a088f02f54177f2c14318d9edfc60121884e6bda8e06979c47fa2e9100db21ecedcb30431a1842c2a6ef3c69f20b703ea07865348f

  • SSDEEP

    196608:SGOV4gKBR19F8lsJ7WJ+ZVNXARR+n9fmYclvlcf:SB4LFXKsJ7QmVNXARkVwl9cf

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Windows Update

C2

skbidiooiilet-31205.portmap.host:31205

Mutex

b2f09b33-2e5b-4ffa-afbf-3f1aaed274a6

Attributes
  • encryption_key

    6F721445F7E0B1CF58980D84A9D49F4458D4EFD9

  • install_name

    Update.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    WindowsUpdate

  • subdirectory

    Windows Update

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • SynapseX.Revamped.V1.5.rar
    .rar
  • SynapseX Revamped V1.5/SynapseXBootstrapper.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • SynapseX Revamped V1.5/bin/SynapseInjector.dll
    .dll windows:6 windows x86 arch:x86


    Headers

    Exports

    Sections