General
-
Target
Synapse Devbuild.exe
-
Size
77.6MB
-
Sample
241103-rmmvksypaj
-
MD5
0e8ce70bc14eaf413f19a7a48abb947f
-
SHA1
fb9973d0459fa2c226c7acd0970935c5e1fb6877
-
SHA256
6e38cdf8c60d606ca321617213830bb5f70b479cd8d096322a82679ab6906768
-
SHA512
b5894de701eb50355ff1652d88471a930941135e406713bfdddadc808ed2ea46eb18a6f5604d9572c87dc30feaa22821b98b61c1d02fa8ff83b8b97756d34544
-
SSDEEP
1572864:/1lVWZ10hSk8IpG7V+VPhqFxE7LlhpBB8iYweyJulZUdgP78yFUsraMwzte:/1bouSkB05awFeLpnNpur78ySsite
Malware Config
Targets
-
-
Target
Synapse Devbuild.exe
-
Size
77.6MB
-
MD5
0e8ce70bc14eaf413f19a7a48abb947f
-
SHA1
fb9973d0459fa2c226c7acd0970935c5e1fb6877
-
SHA256
6e38cdf8c60d606ca321617213830bb5f70b479cd8d096322a82679ab6906768
-
SHA512
b5894de701eb50355ff1652d88471a930941135e406713bfdddadc808ed2ea46eb18a6f5604d9572c87dc30feaa22821b98b61c1d02fa8ff83b8b97756d34544
-
SSDEEP
1572864:/1lVWZ10hSk8IpG7V+VPhqFxE7LlhpBB8iYweyJulZUdgP78yFUsraMwzte:/1bouSkB05awFeLpnNpur78ySsite
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
discord_token_grabber.pyc
-
Size
15KB
-
MD5
5370a532820e9c11d9cf1ee685fcfefb
-
SHA1
b9c0dadea471a9aef3b0e3e7c78dc7d1bc31122d
-
SHA256
b32fe812cca411c5f802a9863bf10455a9580c5918341e93fc2df550382087ba
-
SHA512
c89e7529e436618089c910b72ef4bbe01b92498b58ca3bc81290b1bb201025e5ad9087b7813f48bc6e30ceedb2c533cc7c580606ab3e2aad9313e3720911311a
-
SSDEEP
384:nGC7RYmnXavkLPJrltcshntQ5s6a2holHVA:nGCuvkL9ltcsttQ5s6aCgHVA
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
9KB
-
MD5
3723ca2ab941180c7e9ee955c84787b4
-
SHA1
260e052041dfb7b9f9345cbc658f08ffc311fceb
-
SHA256
dffcee11552a1347d7ec86d302ae7c11aa823fe656bd94d10a73c02b956609f4
-
SHA512
b23ad6cade52c631f29a04316ad764df24c542f5515457556748ac4bdc4ebef0de1363682c5077e9c48437475229680f9f7634c48b31c0fc066380b880a44633
-
SSDEEP
96:nlNatj7BMMKiNW8Zxh9ybA6HUWc4/xIgBZFLjH2K8BXFxUBvF/A7qx3slMFztwXX:lNaBBeiNR9QfUF2x3NC79F21aG6qDAhN
Score3/10 -
-
-
Target
misc.pyc
-
Size
4KB
-
MD5
c42e089e863f6e8137098c45fceab40e
-
SHA1
6518578e7b5f2480492334238b84ad3be5b1380c
-
SHA256
62c5f58bfd4b9cee38e6b973ed8000eda063488096380acf6ab7264f8c1df76c
-
SHA512
9e8ccd4383728166faf22c3f10fd471388ef8084c5e000e9fe58241c6ef4b9abd23a29de032a69a332ff41c852fcf786941ccf4ddfac1b4cb28b6251ab4942f5
-
SSDEEP
96:XSMlhlvyznDweHPF8+VB7sHIZGQSWfvmyyZ1k9zhub:iolvyz8evq+VBXZGQlvmV1k5hub
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
7KB
-
MD5
d23a91aebc53fb0d013c182fc10a569e
-
SHA1
2fe4680de0ddafad84c4cf69d5427674ee2f49d9
-
SHA256
5fd25ed5ea1de4064160ee4559dfba63fe1e4b86fd631c388581ddebfc975b7d
-
SHA512
97c4aeb2d64469d6d469066bfa24135ad9351f79cbafe5f97ccdbc4e8d759684789f10efe08f50db0d33b8a923b0d9bb6c4ad6d49aadc938472781fd37ca0024
-
SSDEEP
192:A114qWLlhuUIxDPK2cMHJb+XUhitovgEuz:64qWLlMFyVMHAE/4
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
172KB
-
MD5
adfc36df139626731f759783408da8d3
-
SHA1
58b348339a1cf870e14a2464cbe5f4fdc3798264
-
SHA256
eeb609c7e113f9772e85ad27d5943a1de7c4ab05baeff1521ba6cc80be40b1d2
-
SHA512
89711ecc5ff4d4c2047bdbd350d25907e7fb2b606b8ac031e2d501e71cf3ee48d2d9905dbd484f4940da07638489b6980c7bc02bd51ea5a6c7063105f68c8c3c
-
SSDEEP
3072:jr5AC0aOO2rS8STRo4PZTerUScMVfIvdXzWbsTxw:jrWC0aOO2rSPRoLjBVTse
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1