General
- Target: RazerSynapse3Host.zip
- Size: 8.2MB
- Sample: 241130-eafvaavnbr
- MD5: 31aa9013f477b59438114dcf2cb106c8
- SHA1: 1ab8d2d89e4b36be92eb1210c0c9d0c6c20a9ac0
- SHA256: 6ad2e67430780fa03369f1d57ff0f023e7840990a37b5bc18530a52e052a24ba
- SHA512: 13bd3b15ddc402b3d4dcf03e67679c05d31cdb15682e8b244001ef565042c118e9cadfecba96295b6c736819e3a0608f4b03f4774690ea65d71f3780a3d2aa15
- SSDEEP: 196608:e1yDXBMwn4v1bCXW+PjK0+jns7iP/kUpfGA7g+Q1MMuaFuxfS:eczZ4kXWmjr+jns7mcwZNQ14o
Behavioral task: behavioral1
- Sample: Razer Synapse 3 Host/RazerSynapseInstaller_V1.19.0.635.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: Razer Synapse 3 Host/RazerSynapseInstaller_V1.19.0.635.exe
- Resource: win10v2004-20241007-en
Behavioral task: behavioral3
- Sample: Razer Synapse 3 Host/clean.py
- Resource: win7-20240903-en
Behavioral task: behavioral4
- Sample: Razer Synapse 3 Host/clean.py
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: Razer Synapse 3 Host/RazerSynapseInstaller_V1.19.0.635.exe
- Size: 8.4MB
- MD5: ea6d73fe2f7fba7318d12626a0ab4dbb
- SHA1: 3b37dc8a1028e2b145d48593092852d4f0d2d2b1
- SHA256: 302e4adba81cfd49955664b2fdcd207a0e5da8bbbecfc1f4eb789603001c80d2
- SHA512: e02c5d9ce24e916e272289826a9733c009cdda741c15fa314f39e1b63feaa070931d0365ff0defcf04969175ad8f7ddba85d07071a426158a6f60b5e066a30f6
- SSDEEP: 196608:1/MfYTwfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/j8:yIHziK1piXLGVE4UrS0VJY
- Command and Scripting Interpreter: PowerShell: Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Clipboard Data: Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: Steal credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation: Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
- Hide Artifacts: Hidden Files and Directories
- Target: Razer Synapse 3 Host/clean.py
- Size: 2KB
- MD5: 4e777936ca7fd8fa2bae957b084a33d9
- SHA1: bda7bba90b9f769b1d2ca3648831f31983e4261e
- SHA256: 2a6f17f9f747afd690f8134ee06cbc120d952d09a8d855214fa84e1d80e43e0e
- SHA512: 3c1fadc4bc7d7944a933eccd0d507127572b1b6ce1f4cf0b945134c109fe100852e8b95f6fea7066d9c773125328461a33a6569bfd750d2ad5994e76d202b65d
- Score: 3/10
MITRE ATT&CK Enterprise v15
Defense Evasion
- Hide Artifacts: 2
  - Hidden Files and Directories: 2
- Obfuscated Files or Information: 1
  - Command Obfuscation: 1
Credential Access
- Credentials from Password Stores: 1
  - Credentials from Web Browsers: 1
- Unsecured Credentials: 3
  - Credentials In Files: 3
Discovery
- Browser Information Discovery: 1
- Process Discovery: 1
- Remote System Discovery: 1
- System Information Discovery: 3
- System Location Discovery: 1
  - System Language Discovery: 1
- System Network Configuration Discovery: 2
  - Internet Connection Discovery: 1
  - Wi-Fi Discovery: 1