empyrean | 8ea0d26dc52212325d8cd5e97d8ed0c4cd9aefd5d08d4b91a48ba3d6e2a782db | Triage

Submit
Reports

Overview

overview

Static

static

my synapse...nt.exe

windows10-ltsc 2021-x64

7

my synapse...nt.exe

windows11-21h2-x64

7

Sharing

General

Target

my synapse x v2.rar
Size

24.6MB
Sample

241222-p6wwgsynew
MD5

45b176db2070b18f8fe86512303c6f11
SHA1

a452b37cc26b5a04531dedb11ef0d5b01ed435ea
SHA256

8ea0d26dc52212325d8cd5e97d8ed0c4cd9aefd5d08d4b91a48ba3d6e2a782db
SHA512

cacdcf795f89caf018e642a41e367ee803a6d682ae63098144a132c716cd30321f876caea5480214e8a60c74b336a7a5aeae3299eb131fae764429516a66161b
SSDEEP

393216:og7RI2/L3589nNjF/9NML+EA2X2suvaUOqOOA6P6J7pbomyNJ20bF+ExfujbvMEy:oEb/+9nHVNML+23pUOqnq2NJ2i9us1qy

Score

10^/10

empyrean discovery persistence privilege_escalation pyinstaller spyware stealer upx vmprotect

Static task

static1

vmprotect pyinstaller empyrean

5 signatures

Behavioral task

behavioral1

Sample

my synapse x/my synapse x/any name you want.exe

Resource

win10ltsc2021-20241211-en

discovery spyware stealer upx

windows10-ltsc 2021-x64

9 signatures

30 seconds

Behavioral task

behavioral2

Sample

my synapse x/my synapse x/any name you want.exe

Resource

win11-20241007-en

discovery persistence privilege_escalation spyware stealer upx

windows11-21h2-x64

11 signatures

30 seconds

Malware Config

Targets

- Target
  
  my synapse x/my synapse x/any name you want.exe
- Size
  
  18.6MB
- MD5
  
  3e07c04324e0cbcb8d5babfc0bcc2152
- SHA1
  
  8f87c194ff39728e7dcb2842365492cc7c5c564c
- SHA256
  
  b67ef9c861b7a2f410487860cbca3de49b89d7c84d5012b4cc3bdda6e2e20c49
- SHA512
  
  8d778dc416a411414f5005e1cb00bdc454692cc1bd1bceeef1989ca55da80cd939f42055a1fb19b31472002aca0377e5110b9c8e2ecb53a70dad59ac217f11d3
- SSDEEP
  
  393216:uqPnLFXlrd4Q8DOETgsQNPfGpgtwfgXvEjcLOcWmtq:jPLFXNOQhEQaDo8wCcU
Score

7^/10

discovery spyware stealer upx persistence privilege_escalation
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

vmprotectpyinstallerempyrean

behavioral1

discoveryspywarestealerupx

behavioral2

discoverypersistenceprivilege_escalationspywarestealerupx

© 2018-2025

Terms | Privacy