Overview

overview

7

Static

static

3

SyncMasterUtility.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    SyncMasterUtility.exe

  • Size

    217KB

  • Sample

    240811-st2gzszclh

  • MD5

    dab98637d37b0462c1963dd23e0e0393

  • SHA1

    8f64468546cd0cb0d900ad0db554a532e31027bc

  • SHA256

    f52b9ee73c31b8f3bd95c8ef92ffc5f2d0821b454c42bd28add936b8d14bc48d

  • SHA512

    f959d30ae5aedc8d51e1b8f09a844c0705c0038f061a93625d137a2330e9c5d18ab914f70404b3cd5a701332da4a0025846a638e30ef20ddee37b0d917ff14ad

  • SSDEEP

    6144:DfglcIbGetWc2fJZF7mkUwDseTOEEgV/K11:DIHGF7mkUwFqG/Kz

Score
7/10
defense_evasion

Malware Config

Targets

    • Target

      SyncMasterUtility.exe

    • Size

      217KB

    • MD5

      dab98637d37b0462c1963dd23e0e0393

    • SHA1

      8f64468546cd0cb0d900ad0db554a532e31027bc

    • SHA256

      f52b9ee73c31b8f3bd95c8ef92ffc5f2d0821b454c42bd28add936b8d14bc48d

    • SHA512

      f959d30ae5aedc8d51e1b8f09a844c0705c0038f061a93625d137a2330e9c5d18ab914f70404b3cd5a701332da4a0025846a638e30ef20ddee37b0d917ff14ad

    • SSDEEP

      6144:DfglcIbGetWc2fJZF7mkUwDseTOEEgV/K11:DIHGF7mkUwFqG/Kz

    Score
    7/10
    defense_evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks