General
-
Target
Synapse Z.zip
-
Size
5.0MB
-
Sample
241123-vlhq1sykbt
-
MD5
2d57b54cf0472ecd6ac6c31c5ed5aa04
-
SHA1
ccb3f600ffc3a7711f951431ebbe7275f0813a5e
-
SHA256
e5e08e06805507504311242781e7a892aae60c3b5c318cd579d710d31e529b50
-
SHA512
bfdfe6d7465b17dc2a00411b669e86656309dcf6027c8c5753add968ae281462c7812eebbf9628a26c5da823aa6681669f4bc6026553f90141411852ee6f763c
-
SSDEEP
98304:JxwmmdD8OM58DwLkFoLHBbCEIVrDJe25Ghy58a9ms6sFk:Jx5mdD86wLlTB2NJxk1ls6sFk
Malware Config
Targets
-
-
Target
SynapseLauncher.exe
-
Size
5.1MB
-
MD5
0048a1911839e7b7999b62094e63cd84
-
SHA1
bc646d549c9a3dca8ab17314984029333e863bef
-
SHA256
6527b3540e93faebb9ad37addbb7ce92dee8bfa8514458fe953ad191801c27d2
-
SHA512
7263dfe2d4bce3d1da6099228383ba2768cec5193385e6d9b49cf098102f3718b55db392177a9d307ccb4ef7c1e1000feab0ddf0350aade96774ff4e0e968d28
-
SSDEEP
98304:IbXpR9Qy7Rh9KDmNzIorcZgML9XLKALq2BapfYoyFoWhrAnYr0o+K4:WXp57TNzIUO9XOAuKapAXFoWhcYrV14
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
info.cmd
-
Size
41B
-
MD5
f630c5e22556db1310faeab5ff373f78
-
SHA1
5b9fe06eba28a87d1d2d80118f987de099a243ba
-
SHA256
de78474fd346b5ec79f577b312a252de8615ec8a1c10fe13a43c979224785106
-
SHA512
83650868dd62522df60f2ff1f73a1752fbafe5deb8dd8d83c105ecf1accf23d6f957c654e188cf5a7679baf115ce208c180e4eb0e5fe21c1418efd3eb28978b7
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
redeem.cmd
-
Size
43B
-
MD5
6c7844cefb607abaed7207a6234eda71
-
SHA1
37902ed907569d60dfab37f2b4a137975ef47978
-
SHA256
fd66f408540d64c25248487c6380430b21672eace2782d2b3039a2ce1e766aef
-
SHA512
c127a21bf7ef1dc5c34c4fdcf6b11790d6130e3c903e8b0a3b60280bd499879ae9abad3c97722a4859e17cf0639809456a186a3c0f2590cfebf4adb226bcb385
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
resethwid.cmd
-
Size
46B
-
MD5
01860cb9ef68521cb490de8492cddff7
-
SHA1
608399da35b7506a05eb949b8e0778cba937c780
-
SHA256
dbbc8d693171130722551524d75edb17a31221cecfe28755c2e10d7d0ca8256f
-
SHA512
08018e4b9b8902f5dbd73f02864bdd40e467e573f88eaa20530ef2262f1c5fb7ce96a144f8c83ed100fcd00a55ae4dcfacb6210a28ffb6e2bb9ee21fe7466166
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-