9b9016b5402fd2bba74ca80fbd4c1fd33424276a5d909bfd6d3e88246276bc9f

Sharing

Copy URL

Twitter E-mail

General

Target

Synthesia.exe
Size

12.6MB
Sample

240625-r9c9nawenc
MD5

a367aa2fbce65bd03509076fa4656dd4
SHA1

db07c17b5736472d2061096cefda9a86c0e6c1b6
SHA256

9b9016b5402fd2bba74ca80fbd4c1fd33424276a5d909bfd6d3e88246276bc9f
SHA512

2d60368ec1452eb74f35d4167b21bc2ae4cd230a86a3bf7f62ca0b57ab8fb8b78a5b6dacc6d90deee2f65184aa4c83cdbd60dbd19fdb0ad5f12ec4ae3cc49500
SSDEEP

393216:jQDiKZYqASUg/nHArZfCWbUFuF9NB7I3M07FRQ:jgiKZDX/grZfCWzF9vIcE7

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  Synthesia.exe
- Size
  
  12.6MB
- MD5
  
  a367aa2fbce65bd03509076fa4656dd4
- SHA1
  
  db07c17b5736472d2061096cefda9a86c0e6c1b6
- SHA256
  
  9b9016b5402fd2bba74ca80fbd4c1fd33424276a5d909bfd6d3e88246276bc9f
- SHA512
  
  2d60368ec1452eb74f35d4167b21bc2ae4cd230a86a3bf7f62ca0b57ab8fb8b78a5b6dacc6d90deee2f65184aa4c83cdbd60dbd19fdb0ad5f12ec4ae3cc49500
- SSDEEP
  
  393216:jQDiKZYqASUg/nHArZfCWbUFuF9NB7I3M07FRQ:jgiKZDX/grZfCWzF9vIcE7
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  09d8971beefefffd710030dd167a99e0
- SHA1
  
  a0117786ad77213f3eb48cfdc3819786cb796b7d
- SHA256
  
  caf64a4e9449220ba618a9aa2ae4ed3774c5d0f193bda44be22676c27ae0ec95
- SHA512
  
  3956f0c6bcdf033e4a10ab33872a66e0668da28ec31cb7a2c67ef7266d7c0845998a2a85a6cc25aba1df73909df8104119cf5f1f86c1e91f8fd201765aea49f0
- SSDEEP
  
  384:EhC43tPegZ3eBaRwCPOYY7nNYXC8/Yosa:EoTgZ3eBTCmrnNAI
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  8cf2ac271d7679b1d68eefc1ae0c5618
- SHA1
  
  7cc1caaa747ee16dc894a600a4256f64fa65a9b8
- SHA256
  
  6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
- SHA512
  
  ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
- SSDEEP
  
  192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/ioSpecial.ini
- Size
  
  211B
- MD5
  
  e2d5070bc28db1ac745613689ff86067
- SHA1
  
  282e080b4cf847174c5c11e4f9157b8c338ecb19
- SHA256
  
  d95aed234f932a1c48a2b1b0d98c60ca31f962310c03158e2884ab4ddd3ea1e0
- SHA512
  
  a50ca2014869629135b54e848f03cb4983ad8029cd811300d02b0fc54de0436185f418fea4d3db888eb0f3170e33a59d486aa885f024ab29e630e9bc0ae1a2de
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  10KB
- MD5
  
  ea2d7092b944bec56058af14417d0772
- SHA1
  
  9e4c83c458b1953c873c2d29ee2122fd425f4825
- SHA256
  
  90fba73f581737ae3cb3e92bcb7260a8a8eab467f12557a76259867159232345
- SHA512
  
  3ad290389fd1e25702d7027919c538b13dccd6d27b441a8cc365aaed6538e3d4f148db7fa1fc958a8f43e8b411cb4fbf5701da234954c9a357d99401304079c9
- SSDEEP
  
  192:5VApcaaerylY/EGCwlNMY8HsAUCUZuXfcqgQ+jPTh+PRN3mHuo9+OeO56V:5V1ar2jTt4Dq2Huo9+OeY4
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral9
- Target
  
  Synthesia.exe
- Size
  
  19.2MB
- MD5
  
  5dc12d9dee11f6490a909937e56991cc
- SHA1
  
  21f6376cb3c755e742ee1c7450deb5fdf4068931
- SHA256
  
  1993138131ec80dff681ae5e31935f99f80afa7508472edc7d502bfe2c53a2c6
- SHA512
  
  c11118fc24b89dcb48f008de46cc908570bd3477a8f294d57172736c3c8f11256142de1846863363409604f501c3b3b33a2418f2e5fd25653b03309f149fed42
- SSDEEP
  
  393216:3Bt7gzmb1SFXN4Re7Aa/PAfMwT77No6R/af5wNVMWigOnrard:RtWmZSFXN77Aa/PwMwH7m0Urard
Score

3^/10
behavioral11 behavioral12
- Target
  
  bass.dll
- Size
  
  251KB
- MD5
  
  bad0d33c7e0d150ddf9835cd8c373ea5
- SHA1
  
  7231815986ed07a0af10c371138a02a52f4f2b51
- SHA256
  
  4bbb323f48fa7ea549abd59ecfc30e71b574d20f52e295b7e3ebf19f07f53efe
- SHA512
  
  2777a2ae0dcbc6c5891be0cfb88b49ba9d4646d3fe58d749742c126aeafb19496b21d63fc0060d591424f22744d3bfb9c34af60371aa362b92b60506dd72da07
- SSDEEP
  
  6144:wrN4FdMfStD/FowSfOky7Fi/FjTpv/zK7jkbHC7DbDz:wrNOdM8/aik8FyFPpv/z847CXbn
Score

1^/10
behavioral13 behavioral14
- Target
  
  bassmidi.dll
- Size
  
  78KB
- MD5
  
  040c88ba574f8795a565eac6b0486e1d
- SHA1
  
  57d14727357dbd3e97b9b4b02224470c9b269943
- SHA256
  
  6f79dbd3c54836e87c407c648956f472244c7159cee43e73780cebcf2709051d
- SHA512
  
  9fa2d5d8461dd06d6ea0aa7aa4f08c9bf7804d90d00c9e3efc3696dfea28e837cfb18f195d3e4fa6a9a549cd03910e84d62d623aa15677867503bc30fdfd2eb6
- SSDEEP
  
  1536:HEdFU1Lt9fPzIn6iUxqcJ9Um6KGZbqB9QFZZ2Mv19w49hjy+6cQjTOLlaud3hyI:HEd6hbfPzI/4qq5abqBcOYT4beLleI
Score

1^/10
behavioral15 behavioral16
- Target
  
  msvcp140.dll
- Size
  
  557KB
- MD5
  
  7db24201efea565d930b7ec3306f4308
- SHA1
  
  880c8034b1655597d0eebe056719a6f79b60e03c
- SHA256
  
  72fe4598f0b75d31ce2dc621e8ef161338c6450bb017cd06895745690603729e
- SHA512
  
  bac5729a3eb53e9bc7b680671d028cabef5ea102dfaa48a7c453b67f8ecb358db9f8fb16b3b1d9ea5a2dff34f459f6ac87f3a563c736d81d31048766198ff11e
- SSDEEP
  
  12288:Rsjw3shF+jss1I8CgEWTe5+YMCMGz2MMY5U489wiyaf+QEKZm+jWodEEVksLd:Rs/5U4RBaf+QEKZm+jWodEECsL
Score

1^/10
behavioral17 behavioral18
- Target
  
  readme.html
- Size
  
  185KB
- MD5
  
  bac0494cc76c3b5c68463120ca6fdc85
- SHA1
  
  f31b43ccefe66adcf3866db98192ff29b598abf7
- SHA256
  
  88ab06b939db445d16b56686fc0d1a77a08d68183dd1a3bfae1bfba9276e9eaf
- SHA512
  
  85b771f6333d589df7ff69e78b5e4a136d817c7eb2ba2039b3656cc2004d5780c1cee7f581ef892129c8472a90f1e76769d8bb65fb65107061360db2930efbf2
- SSDEEP
  
  3072:9r/x4iHiSPUFQXuteZDbqkTyGzvNsKqiOIb0fhGbdg/eFqLWlLHMZXfDDU3PQwMJ:9WAacZdTZTNsKqcfb1UH
Score

1^/10
behavioral19 behavioral20
- Target
  
  vccorlib140.dll
- Size
  
  326KB
- MD5
  
  25a304a65ab778e0170f46d54f8cb566
- SHA1
  
  d2e3570f5e021c90da834ea81ce130bef4bf9252
- SHA256
  
  c6a8856d3eedac7b032e7a8730faf22707c9e23c2e289d500daac0dfa5de39a6
- SHA512
  
  d4ea79d54e40a0e0dedcc21905556a8e98a28559b281ea35c54f2d08998f49e98c41048d3886c9df383b6aa7dc931971588c0ddbb1e19847b4784cdf512bd5e5
- SSDEEP
  
  6144:caGpFE+VAtdoFb6/FrlBu+MbNNSUgzCZXdbQL:caf+VHFe/dlBqKUfQL
Score

1^/10
behavioral21 behavioral22
- Target
  
  vcruntime140.dll
- Size
  
  96KB
- MD5
  
  f12681a472b9dd04a812e16096514974
- SHA1
  
  6fd102eb3e0b0e6eef08118d71f28702d1a9067c
- SHA256
  
  d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8
- SHA512
  
  7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2
- SSDEEP
  
  1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1
Score

1^/10
behavioral23 behavioral24
- Target
  
  vcruntime140_1.dll
- Size
  
  37KB
- MD5
  
  75e78e4bf561031d39f86143753400ff
- SHA1
  
  324c2a99e39f8992459495182677e91656a05206
- SHA256
  
  1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e
- SHA512
  
  ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756
- SSDEEP
  
  768:Xhh4pTUUtmUwqiu8oSRjez6SD7GkxZYj/9zLUr:xJ9x70GkxuZz2
Score

1^/10
behavioral25 behavioral26
- Target
  
  win10-midi.dll
- Size
  
  141KB
- MD5
  
  01423526a88c61343fdf13b1e1a52b38
- SHA1
  
  b2fb30664ae4f911ef62dd532e78ce636df22b6e
- SHA256
  
  fc9f2af9190ef798ccb789a122c8c0064245869ca24d264a42d3d6b1f1491d6b
- SHA512
  
  4dbf2ab6da5e6c57c7efd69a9332ae1d2019e7da1bf13697dc5fbeb6797097b30fa0315fa79ed8250da3068a553003aca9b718b0ab0a8eea4c7e2020b2a55c87
- SSDEEP
  
  1536:a8Ya7NtbgtxI+xZGInvk1fzOPTqGsSkZcoFTgAyDtGOhwDEZGnQDc1nLPx1:aQgtxGfnG1wTlyRGO2LTx1
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28