quasar | SynapseX[.]Revamped[.]V1[.]5[.]rar

Resubmissions

28-05-2024 02:35

240528-c3cl8acg65 10

28-05-2024 02:34

240528-c2ncbsbe8y 10

Sharing

Copy URL

Twitter E-mail

General

Target

SynapseX.Revamped.V1.5.rar
Size

6.9MB
MD5

358e3fc465a47e440775cd04fe9e9650
SHA1

c0dea173ba12149b325de5831c2e08d8c3ff7b21
SHA256

8739b236fb674c2c3516bc43ecf4b6583ea22ca0d4b2fe417b6223d654d52011
SHA512

1a8dad583487280053ec13a088f02f54177f2c14318d9edfc60121884e6bda8e06979c47fa2e9100db21ecedcb30431a1842c2a6ef3c69f20b703ea07865348f
SSDEEP

196608:SGOV4gKBR19F8lsJ7WJ+ZVNXARR+n9fmYclvlcf:SB4LFXKsJ7QmVNXARkVwl9cf

Score

10^/10

windows update quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Windows Update

skbidiooiilet-31205.portmap.host:31205

Mutex

b2f09b33-2e5b-4ffa-afbf-3f1aaed274a6

Attributes

encryption_key
6F721445F7E0B1CF58980D84A9D49F4458D4EFD9
install_name
Update.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsUpdate
subdirectory
Windows Update

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/SynapseX Revamped V1.5/SynapseXBootstrapper.exe	family_quasar

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/SynapseX Revamped V1.5/SynapseXBootstrapper.exe
unpack001/SynapseX Revamped V1.5/bin/SynapseInjector.dll

Files

SynapseX.Revamped.V1.5.rar
.rar
SynapseX Revamped V1.5/SynapseXBootstrapper.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SynapseX Revamped V1.5/bin/SynapseInjector.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_SynCollectHardwareInformation@4
_SynHashData@12
_SynHwidGrab@8
_SynInject@16
_SynPrepForExit@4
_SynSignRequest@8

Sections

Size: 510KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 275KB - Virtual size: 946KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.exdata
Size: - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.loadcon
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boot
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.init
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 32B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 510KB - Virtual size: 1.0MB

Size: 275KB - Virtual size: 946KB

Size: 3KB - Virtual size: 202KB

Size: 512B - Virtual size: 480B

Size: 60KB - Virtual size: 157KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 7KB - Virtual size: 7KB

.exdata Size: - Virtual size: 7.6MB

.loadcon Size: 1024B - Virtual size: 4KB

.boot Size: 5.2MB - Virtual size: 5.2MB

.init Size: 512B - Virtual size: 512B

.reloc Size: 32B - Virtual size: 4KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 7KB - Virtual size: 7KB

.exdata
Size: - Virtual size: 7.6MB

.loadcon
Size: 1024B - Virtual size: 4KB

.boot
Size: 5.2MB - Virtual size: 5.2MB

.init
Size: 512B - Virtual size: 512B

.reloc
Size: 32B - Virtual size: 4KB