Overview

overview

9

Static

static

7

SynapseLauncher.exe

windows11-21h2-x64

9

redeem.cmd

windows11-21h2-x64

9

resethwid.cmd

windows11-21h2-x64

9

Resubmissions

13-09-2024 16:04

240913-tje2nswepl 9

13-09-2024 16:01

240913-tgphbsxama 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Synapse Z.zip

  • Size

    4.1MB

  • Sample

    240913-tgphbsxama

  • MD5

    1648c2ea58b12e3d61d21cdc3086c80b

  • SHA1

    8a8e2b1a7e5ed9b954bd77b8c93ad177c5107062

  • SHA256

    a041944cc4947e6b3cb4fc7c45279567592d81db51820677dbb184e8ed6fb952

  • SHA512

    122dd31419ad89e19881e8ca4add1aaafd1d7cff1547f23794bccc05320b0d8b1f232444d0ca965157c6cfb082cc1c8afa3e18987a82490fbfd526685c042f56

  • SSDEEP

    98304:aXX7ISsDWxizP1KOvfUTsEBi9VSNPxq4K1180K+X5JiLGdsf8+BcTRA:anKzNKO1gPxe7DXKLGd+8cH

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      SynapseLauncher.exe

    • Size

      4.1MB

    • MD5

      7d298245f200fa8fdd2da58830b286fb

    • SHA1

      a837c87c6c2c12b8bd1dae3a38bee7468f53907d

    • SHA256

      93e4666d53d8437b111de4bbc936183c3ee505cea719d0faa1d650e6d3cd4634

    • SHA512

      16f36b8b8577f62faebcc3ab148c877a17c208d8e29eb285d904f47b301f8c26c2227ea299c416f626bd62b1b79358ccda741c8b9054fcf0501e40b89792dee6

    • SSDEEP

      98304:Y1bT9OqJzqQ1KtN35Nu7zVFPbCV7aTImb/DXNv8ry4NDDaHN:YZPJm8SN35NMzVFPOQTIm/Nwy4NDC

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

    • Target

      redeem.cmd

    • Size

      43B

    • MD5

      6c7844cefb607abaed7207a6234eda71

    • SHA1

      37902ed907569d60dfab37f2b4a137975ef47978

    • SHA256

      fd66f408540d64c25248487c6380430b21672eace2782d2b3039a2ce1e766aef

    • SHA512

      c127a21bf7ef1dc5c34c4fdcf6b11790d6130e3c903e8b0a3b60280bd499879ae9abad3c97722a4859e17cf0639809456a186a3c0f2590cfebf4adb226bcb385

    Score
    9/10
    evasionthemida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral2

    • Target

      resethwid.cmd

    • Size

      46B

    • MD5

      01860cb9ef68521cb490de8492cddff7

    • SHA1

      608399da35b7506a05eb949b8e0778cba937c780

    • SHA256

      dbbc8d693171130722551524d75edb17a31221cecfe28755c2e10d7d0ca8256f

    • SHA512

      08018e4b9b8902f5dbd73f02864bdd40e467e573f88eaa20530ef2262f1c5fb7ce96a144f8c83ed100fcd00a55ae4dcfacb6210a28ffb6e2bb9ee21fe7466166

    Score
    9/10
    evasionthemida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3

MITRE ATT&CK Enterprise v15

Tasks