General
-
Target
SynapseX.exe
-
Size
2.2MB
-
Sample
240706-zpekzsscpl
-
MD5
64f8181b0cafeb0cb231b82ebdca1cca
-
SHA1
a49bd6450e5588a2d8b734329897053b02224ad5
-
SHA256
56ac435655045823aa96a67bd5e9afa45d16f8bee8daff2f7d790d6c1c9b26ce
-
SHA512
0ce9956d78364ead6c5f5ed958e77b61aeb500837541863d3154cc77dc4b3c77383fa4d6cbcf63d312e292ff7fc7c74a8098374d6c34caaa1dd3fd824f872bc4
-
SSDEEP
49152:5soozm5VdW2rix+nO78vjp9X8j3vnUz04Z2YsF3:5DoznbxT78vjp9Mj/JA2L
Static task
static1
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.0.174:4782
0544130a-0a96-4695-b537-d74bab66d8c7
-
encryption_key
B4FC64153C81F311BB96F6A5E89311EA9CE3D1D5
-
install_name
SynapseX Keyless.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Microsoft Security
-
subdirectory
SubDir
Targets
-
Target
SynapseX.exe
-
Quasar payload
-
Executes dropped EXE
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-