General
Target: RazerSynapse3Host.rar
Size: 8.2MB
Sample: 241201-lv8jcsyrd1
MD5: 08f678d41bfaec4f5a2de20e17f95a5f
SHA1: 04b8eb7df1eb8a69bce3e468b1c8eea0cd0d323f
SHA256: 9b696d0170ec20a6806b4a43fea0e2ed8d25b274611681d3fd26416d189d8e58
SHA512: 56d5d04735f7703f2352d21349c070e563f96559ce2d4d8f087042b9e708dff532302d8419c47e8acf08eedfa35b02d29e4b35192c8cdd9fd4ae11771a47ab06
SSDEEP: 196608:0hmSDlE9Kb51ja6jACl52q1HENA0f8OKHa+iHmwTn4R4huJDDa:0hO9M1d0C5HE60f8OK6HdT4aEJna
Behavioral task: behavioral1
Sample: Razer Synapse 3 Host/RazerSynapseInstaller_V1.19.0.635.exe
Resource: win7-20241023-en

Behavioral task: behavioral2
Sample: Razer Synapse 3 Host/RazerSynapseInstaller_V1.19.0.635.exe
Resource: win10v2004-20241007-en

Behavioral task: behavioral3
Sample: Razer Synapse 3 Host/clean.py
Resource: win7-20241023-en

Behavioral task: behavioral4
Sample: Razer Synapse 3 Host/clean.py
Resource: win10v2004-20241007-en
Malware Config
Targets

Target: Razer Synapse 3 Host/RazerSynapseInstaller_V1.19.0.635.exe
Size: 8.4MB
MD5: ea6d73fe2f7fba7318d12626a0ab4dbb
SHA1: 3b37dc8a1028e2b145d48593092852d4f0d2d2b1
SHA256: 302e4adba81cfd49955664b2fdcd207a0e5da8bbbecfc1f4eb789603001c80d2
SHA512: e02c5d9ce24e916e272289826a9733c009cdda741c15fa314f39e1b63feaa070931d0365ff0defcf04969175ad8f7ddba85d07071a426158a6f60b5e066a30f6
SSDEEP: 196608:1/MfYTwfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/j8:yIHziK1piXLGVE4UrS0VJY

Signatures:
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
- Hide Artifacts: Hidden Files and Directories

Target: Razer Synapse 3 Host/clean.py
Size: 2KB
MD5: 4e777936ca7fd8fa2bae957b084a33d9
SHA1: bda7bba90b9f769b1d2ca3648831f31983e4261e
SHA256: 2a6f17f9f747afd690f8134ee06cbc120d952d09a8d855214fa84e1d80e43e0e
SHA512: 3c1fadc4bc7d7944a933eccd0d507127572b1b6ce1f4cf0b945134c109fe100852e8b95f6fea7066d9c773125328461a33a6569bfd750d2ad5994e76d202b65d
Score: 3/10
MITRE ATT&CK Enterprise v15 (technique: hit count)

Defense Evasion
  Hide Artifacts: 2
    Hidden Files and Directories: 2
  Obfuscated Files or Information: 1
    Command Obfuscation: 1

Credential Access
  Credentials from Password Stores: 1
    Credentials from Web Browsers: 1
  Unsecured Credentials: 3
    Credentials In Files: 3

Discovery
  Browser Information Discovery: 1
  Process Discovery: 1
  Remote System Discovery: 1
  System Information Discovery: 3
  System Location Discovery: 1
    System Language Discovery: 1
  System Network Configuration Discovery: 2
    Internet Connection Discovery: 1
    Wi-Fi Discovery: 1