General

  • Target

    SynapseZ.Cracked.V5.2.zip

  • Size

    36.4MB

  • Sample

    241118-bwdp9szldq

  • MD5

    d2099b61e740d5fea2e10504e778422a

  • SHA1

    af6d2590a185d7295f217eb598c1a7b9eb66bc33

  • SHA256

    1d3a91bf3449c9c355ea0fd5b55a839f6779fbb309cfbdde8589bac539888c3f

  • SHA512

    0d572547ec3702c542dfef7c3de72e29348f7eb65cae4a89033ba69231c9516222865d531f037983b88c1eab1f8ceb7e604a448b1aad1b3c7235c2ad43192160

  • SSDEEP

    786432:lnDmot+Y0s5MpTALCfal+t2FBC7zVNXAR9lUxImRM0Ng5/RvOiNIB7OivUHC0Aa:Qal5MOCfaQt2jC7xSUxIixavJgk

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    week-dictionary.gl.at.ply.gg:12466

  • Mutex

    WIHzy7HOqD8TiFlq

  • Attributes

    • Install_directory

      %AppData%

    • install_file

      PowerShell.exe

  • aes.plain

Targets

    • Target

      SynapseZ Cracked V5.2/Synapse X Launcher.exe

    • Size

      67.0MB

    • MD5

      9780271fc9b17aecd71866f182dd7376

    • SHA1

      3b0c619dbb862438ec70d913674e8840eb7ca5d9

    • SHA256

      ff29b51276d46f8e3f096d2a244ba579ee8b0424ed825f7d3c6ace1ed1f4ca07

    • SHA512

      0f038d8cb1111437c06a16695fcc3623f3cea46520b022d9678c762322b80c5b9b5fec152d3a3e3c78db948ae18cde5d3e057c0ac764b6bf71955de668184a4e

    • SSDEEP

      393216:R4TPZVLWruiFVks+9j54GXvitZQLCO5SXDqQu58EISEhoIaE2FShABZDv25PPa2v:RKRVQxhu0P8Lq1LEvxOOx5Sl

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Drops startup file

    • Executes dropped EXE

    • Target

      SynapseZ Cracked V5.2/auth/internal/3132e54eb7c.bin

    • Size

      2B

    • MD5

      f3b25701fe362ec84616a93a45ce9998

    • SHA1

      d62636d8caec13f04e28442a0a6fa1afeb024bbb

    • SHA256

      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

    • SHA512

      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

    Score
    3/10
    • Target

      SynapseZ Cracked V5.2/bin/359k6u5HUNL4tEk.exe

    • Size

      2.4MB

    • MD5

      027834b2ebc7f1b02143d8e7f8c17aab

    • SHA1

      c4d19cab893e0fcb19d5de25e26e441faceb88ee

    • SHA256

      5b740dd5064d571eb065d94e252b11dd2c5ff0f82e7932c06c4acfd55e5a0cb1

    • SHA512

      0c87b7ddc9ec8b32ed9a787cb633d232cca78cb58d0b42fe2ffc7206498d2121c608b45b6f5cc696cf96d2b771385036abfb2b19b6d1a6d6d133dc7a867af353

    • SSDEEP

      49152:P2TxAt739Kik+gzh+VWNBmsXn1JObl7J6fDKz0vqsS8+5wYAeU3ki65n3e2:nh39KhrykBmsnOL6L40/S83sx

    Score
    3/10
    • Target

      SynapseZ Cracked V5.2/bin/CefSharp.BrowserSubprocess.Core.dll

    • Size

      912KB

    • MD5

      67e9fdff12286ad0ff11aa7e8a7775d9

    • SHA1

      245ec015e953bb395cf5d1e4f54804166daeaf68

    • SHA256

      b184f42ad13993a963700ad40400d401e398a46f72056f5907b6acdff986c63d

    • SHA512

      42c068e0b157fa5bd9ec9be977c1ec44712fc78909efb64961dc1e34d6c7fccc7af6bb685e847f32da9fe9124a215ad3adea08317279851c8ffd2761a3b47870

    • SSDEEP

      24576:uVK+vDCBGb9UKpUzXoiYehQspQ8SdWHubiWyzIrQK0OXPOlNce+pi:RcUKpUzXoiYehQspQ8SdWHubiWyzIrQO

    Score
    3/10
    • Target

      SynapseZ Cracked V5.2/bin/CefSharp.BrowserSubprocess.exe

    • Size

      7KB

    • MD5

      1687e4430649fdd4fde98a120f992836

    • SHA1

      fd7227e15928bee5335772cd72dba0047f6d06ce

    • SHA256

      5b0d7eec5ae0f5af562ec02611dbaadbfba6b308ba0345cb19b30a0a84f937a7

    • SHA512

      a6c3b0db67a4f27a37ee2b9302752c2094015bcca9a006561805fbe93f178e163e47501bc3c2c120cb8469a7985d69533020f9d736e6409e31fdc1084e279f4d

    • SSDEEP

      96:JHxBI7lEsmQBDs93z5ZzFZOIaetmA/Nt61OYcXei+U:JRBIWsmQB63z3zFZVsAYcXeU

    Score
    3/10
    • Target

      SynapseZ Cracked V5.2/bin/CefSharp.Core.dll

    • Size

      1.3MB

    • MD5

      a44554d38b7a25a7ab2320fe731c5298

    • SHA1

      c287a88fd3a064b387888f4bbc37a0630c877253

    • SHA256

      35980974bdba6d5dd6a4dc1072e33aab77f72f56c46779cb0216e4801dcc36ab

    • SHA512

      bd8956b7e8ca6d1129fbbb950dd913183b3e92601c2c900aed26d695782e4663654ac57074e1f0f2efcf9cced969487162910dc9bb52b42572d61994b07f2aad

    • SSDEEP

      24576:yXIdphyvfDVKyFnp89jCbBNr0s7HQAqcwYhPolDexla9e6dhkOi0nK+++evP4ZcC:HsJKyzNr0s7HQAqcwYhPolDexla9e6dp

    Score
    3/10
    • Target

      SynapseZ Cracked V5.2/bin/CefSharp.Wpf.dll

    • Size

      83KB

    • MD5

      1533d9b2ed991ad4fecef548dc762565

    • SHA1

      7a0664cc6bdc5ffd23c4aba43fa7b2acdfe949f4

    • SHA256

      8e6e874d51f654c1c081cd1658a2e4ad8e3b92e74f9406e8c4eb34d354ab8791

    • SHA512

      710677d3c6ebff9da638d22a3ae800eb12ba947aad9acb4e42f9e9268ade1b8dde680b4aa135121851285943aecc0fc9be85c5ca8a269d6857b35e905c7b7c12

    • SSDEEP

      1536:VdX1kcRoMy1tkZBjxQVhfcmzedNTppNCSyh1FPmyGx8Nge8Fu/mGmDtcOd:VdFLoMk24ClwNge8FPGMf

    Score
    3/10
    • Target

      SynapseZ Cracked V5.2/bin/CefSharp.dll

    • Size

      219KB

    • MD5

      92defcf3ee31db03999e8ea41742f8f8

    • SHA1

      2d5a94c029e1ac0df07a2055f03ca3d77ceb76b6

    • SHA256

      d3873ec8cf9a80b3b5691445cd0f6d2a38f5a2432864d7fa372b751bad54e891

    • SHA512

      d58f4c6bf526ed5e19bbb9c36db8fa192c63eb770b8bb5cebef0e1baf69d35ec3e1367062b9d2af9aa654d97e9cdcecca9c12bc73d9097c38a9c7e6dc11f103a

    • SSDEEP

      3072:dLU+ln+doWgHRVIceekE8Nb3+hwx6vOc5jOpP6AOSrzHnZpy:Rh+dYI4dwx6Oc5MPPpH

    Score
    3/10
    • Target

      SynapseZ Cracked V5.2/bin/Editor.html

    • Size

      2KB

    • MD5

      485f27d7faac7ec77e02be39737cc9a4

    • SHA1

      55722137ae4b2636a31ff7f42537133e7d7b40f0

    • SHA256

      cf65942ebe2cd8e704cf83dbac9fef38cd714219d0e068707b314d69fb1f3f74

    • SHA512

      001343387aebf0039c6359e81b64bd9630353d997ee78669c9b535905c90663691d5ad965911ed3b5e0967e2ad32e9d270d7623a879bffdc77ab1d5f4c9fcf0d

    Score
    3/10
    • Target

      SynapseZ Cracked V5.2/bin/OoxIi8qtt.exe

    • Size

      1.1MB

    • MD5

      a48d6b525da2501d8ec661f2f2f1b0e8

    • SHA1

      5737e465e5ffbed6b51e6775b5e05b5769f89e6b

    • SHA256

      a6e52cc20913ae168b7dcbb923ea8cd7bdda93e43399ec22a85dabfab14ddf3a

    • SHA512

      3cf1d6acbf1a3c3e99739af505b57aef7e8db5a2a84db2310c1d6490a097e11065510d2aaaac6ea71fd226b421d87be216993528e245e0bdee9b6000e68e32ab

    • SSDEEP

      24576:5EvX2R7XLISXF8ElQlt8K9MlOZNsST2R7:qvX2VLIS2Jt89LST2

    Score
    3/10
    • Target

      SynapseZ Cracked V5.2/bin/SynapseInjector.dll

    • Size

      6.0MB

    • MD5

      9b248dfff1d2b73fd639324741fe2e08

    • SHA1

      e82684cd6858a6712eff69ace1707b3bcd464105

    • SHA256

      39943c30732988289ca346902f007a72124bd98b82e08b0b9739241cdab4018e

    • SHA512

      56784a895f113088e3c92ccd96f354473e5d849fb9d0798868ff5e9477f60854e8bc7c9759c63417c9298f8702abab266722439b445977c6e940da393b8b696c

    • SSDEEP

      98304:whgYUp+QvBY2uccY07B1nG9CHvaxFNErtcKXc17TEBT0VBTFX3NwwJqOft:w2j8YCRGEP0iOvuT0FXKwt

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Target

      SynapseZ Cracked V5.2/bin/chrome_elf.dll

    • Size

      788KB

    • MD5

      6499ea6b92ab4971886bd06c12625819

    • SHA1

      5ebb75eeca7625b9511233158a02f50a92867a39

    • SHA256

      6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

    • SHA512

      e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

    • SSDEEP

      12288:bCr6Tisy+fUv6cwQhl0j+iBQIR+ybWlkkswiS1cVlqoKe9+nIMQbNt:Wr6Tisy+fUv6cwQhlcbWFi8iDjD

    Score
    3/10
    • Target

      SynapseZ Cracked V5.2/bin/d3dcompiler_47.dll

    • Size

      3.5MB

    • MD5

      f76b1d2cd95385b21e61874761ddb53a

    • SHA1

      e5219dc55dcd6b8643e3920ad21d0640fd714383

    • SHA256

      8bf0eeb5081d8397e2f84f69449c8a80d9c0cdcf82bcef7a484309046adcb081

    • SHA512

      8e5c6541bbea6730c4f6392439454f516d56ac9ad6d6b55336e52361cc80a35fbed8a90d58020d92fa4ac9fcfeee6c280754a9e99cc32bae901b00306626e69f

    • SSDEEP

      49152:fjmJAksRXmBNgC9ITPPE8WHmy0HRZ+kyOzDJn5c5v5H3pqC23u6q+25omPEyXzjl:fy2Ckrj+kyOv2MJ+6q8kbqS/Ai

    Score
    3/10
    • Target

      SynapseZ Cracked V5.2/bin/libEGL.dll

    • Size

      306KB

    • MD5

      a6bff6c3e64d7e0b93361c7696783e96

    • SHA1

      b86339ad28e87c523b6c8bf9ff8787d5d390bd51

    • SHA256

      f808b62775fd4a422e4fcff733ef185e7846e76c533e464cfeaddc96a25a8887

    • SHA512

      c271243438ba54f27d6bd02d38ba4620199fda0ba9b373bfb7522fd128fc32e4028ff9ef9e02668f78c0f86446af3b3a4f8fcc2263e53301553f9a140816e65f

    • SSDEEP

      6144:wfGwxWv6tN2phvpaKHBvb5ZzaYudGGWMfe/tpEEfh8odAcHH6cG:w+wxWyn2pFvb5ZzIsGWMfe/TtSodVn6c

    Score
    3/10
    • Target

      SynapseZ Cracked V5.2/bin/libGLESv2.dll

    • Size

      6.4MB

    • MD5

      48bd3bf564d6592417ee5cae16e34e6e

    • SHA1

      f29f91d5863be99267cec7bbe8cb51159a7a3adf

    • SHA256

      53a7ea40cd589683dfb57ee0f187d6f3e373b2df5a3e0129c41a5c1e7de5d0c0

    • SHA512

      c9da5cc25b29bf1b5cdc3de42650e6d893ae89b8451fb67a8a1e4f5df9d71d503b5e010a17540d46e96c1244d58c2490f0b8d5380a98337cbb7bf13b69101683

    • SSDEEP

      98304:+/p3sY6QaLuk1s0EU0qf8zRfU4WIIIMBtLLdAr16KH57wemx7+lw:E36QffqfGpU4WIyFLdoEQWk

    Score
    3/10
    • Target

      SynapseZ Cracked V5.2/bin/lua-decomp.exe

    • Size

      4.4MB

    • MD5

      df95aa5c0c116c58daf0beae25edb914

    • SHA1

      51ad4aede462038558df0160a27136b381777431

    • SHA256

      cb4ee2eae0915f38fbdf75c3683933d202b306e2aa704a02cbd344ead03a037f

    • SHA512

      9456eae67d523adddd132bb60b93022535f2590b6e622cffd63dd455a387000201f8ac2c4634d69bfa1ca5c00571d43b1f1e29625dad958503c84c742bc12501

    • SSDEEP

      98304:r9EvGpryZvhmgPoYBjkjBpa1WjB51FVdj0voaYV:r9EWIvrdBjkje1Y51FVdjwYV

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
