Overview

overview

10

Static

static

10

synthize.exe

windows7-x64

7

synthize.exe

windows10-2004-x64

9

main.pyc

windows7-x64

3

main.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    synthize.exe.exe

  • Size

    17.8MB

  • Sample

    240920-ysdx7avgnm

  • MD5

    df030cc1f1f8b86e1168bed2426b6bf3

  • SHA1

    d1f2370064252101bb0268767ca7ad57290449f6

  • SHA256

    a151055b7d82b322597d3d9aa5a21636c64bc075c563c202d66d0e5c14e26ec2

  • SHA512

    6190c1f52abe918d0937ae44b07dab586e5d5023b6f272279241cbe79204c679289895f9ca50bb11c656475d7e4dd625485cd35d0c03fa05d38640c89f0ba482

  • SSDEEP

    393216:JqPnLFXlreQ+DOETgsvfGCgn8FvEzb1ObJO1q:APLFXNeQ/EhO86NOcg

Score
10/10
empyreancredential_accessdiscoverypersistencepyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      synthize.exe.exe

    • Size

      17.8MB

    • MD5

      df030cc1f1f8b86e1168bed2426b6bf3

    • SHA1

      d1f2370064252101bb0268767ca7ad57290449f6

    • SHA256

      a151055b7d82b322597d3d9aa5a21636c64bc075c563c202d66d0e5c14e26ec2

    • SHA512

      6190c1f52abe918d0937ae44b07dab586e5d5023b6f272279241cbe79204c679289895f9ca50bb11c656475d7e4dd625485cd35d0c03fa05d38640c89f0ba482

    • SSDEEP

      393216:JqPnLFXlreQ+DOETgsvfGCgn8FvEzb1ObJO1q:APLFXNeQ/EhO86NOcg

    Score
    9/10
    upxcredential_accessdiscoverypersistencespywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      c58db1b2e2c6e1422105aca6861d0baf

    • SHA1

      061c01e87da7471b18dc0f8f7ac0e6f7db9efb8e

    • SHA256

      d5fb56c40678966ba74a77f9f99023f3d4199d3b8f503c94bac600d784678ca2

    • SHA512

      d4f789892740c6166c65864a60b6c534f8fa2a907be3b6f60bf62092df2ce1795dd009e1de89fde545f26318b55dfaffa37819efd606624edac869fd4c0da106

    • SSDEEP

      192:wGxs5q/6D8qxXbWdXwvCGeofdz0kqnqJhwCCZLMdw5nw:Z4bWuXeofdwTO2CCZLP5w

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks