Source Byte
"Sober must be the one who keeps away from love; this nature of mine will not mix with reason." Saadi Shirazi
Synapse Ransomware Technical Analysis
rule Synapse_Ransomware_1_0_0
{
    meta:
        description = "Synapse Ransomware 1.0.0 Stable Version Release - Detection Rule"
        author = "CRT"
        date = "2024-05-22"
        version = "1.0"
        malware_type = "ransomware"

    strings:
        // Named kernel object and temp-file artifacts used by the sample
        $str1 = "Global\\FSWiper" ascii wide nocase
        $str2 = "ZLWP.tmp" ascii wide nocase
        // CNG provider and algorithm names (MS_PRIMITIVE_PROVIDER and
        // BCRYPT_RNG_ALGORITHM). "RNG" is a three-byte atom that appears in
        // plenty of benign binaries; it only contributes here because the
        // condition requires every string to match.
        $str3 = "Microsoft Primitive Provider" ascii wide nocase
        $str4 = "RNG" ascii wide nocase
        $str5 = "Synapse" ascii wide nocase
        // COM GUIDs in their in-memory layout (Data1-Data3 little-endian,
        // Data4 in order). Decoded, these are the WMI (WBEM) identifiers:
        // 4590F811-1D3A-11D0-891F-00AA004B2E24  CLSID_WbemLocator
        $clsid1 = {11 F8 90 45 3A 1D D0 11 89 1F 00 AA 00 4B 2E 24}
        // 674B6698-EE92-11D0-AD71-00C04FD8FDFF  CLSID_WbemContext
        $clsid2 = {98 66 4B 67 92 EE D0 11 AD 71 00 C0 4F D8 FD FF}
        // DC12A687-737F-11CF-884D-00AA004B2E24  IID_IWbemLocator
        $clsid3 = {87 A6 12 DC 7F 73 CF 11 88 4D 00 AA 00 4B 2E 24}
        // 44ACA674-E8FC-11D0-A07C-00C04FB68820  IID_IWbemContext
        $clsid4 = {74 A6 AC 44 FC E8 D0 11 A0 7C 00 C0 4F B6 88 20}

    condition:
        all of them
}
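The $clsid hex strings in the rule above are not the GUID digits you see in a header file or the registry: a CLSID/IID is stored in a PE as a 16-byte struct whose first three fields are little-endian, so the bytes have to be swapped before they can be compared with a known identifier. The following helper is an added example written for this page (it is not code from the rule author or from the Synapse analysis); it decodes the four patterns copied verbatim from the rule, builds YARA hex strings from GUID text, and emulates the byte-level match on a constructed sample buffer. Function names and the sample buffer are this example's own.

```python
"""Convert between GUID text and the byte layout YARA hex strings match.

Added example for this page, not part of the original rule. Relies only on
the standard library: uuid.UUID.bytes_le is exactly the Windows/COM
in-memory layout (Data1/Data2/Data3 little-endian, Data4 unchanged).
"""
import re
import uuid


def guid_to_yara_hex(guid_text: str) -> str:
    """Return the YARA hex-string body (no braces) for a GUID as stored in memory."""
    return " ".join(f"{b:02X}" for b in uuid.UUID(guid_text).bytes_le)


def yara_hex_to_guid(hex_body: str) -> str:
    """Decode a 16-byte YARA hex pattern (braces optional, no wildcards) to GUID text."""
    tokens = re.findall(r"[0-9A-Fa-f]{2}", hex_body.strip("{} \t"))
    if len(tokens) != 16:
        raise ValueError("expected exactly 16 byte tokens with no wildcards")
    raw = bytes(int(t, 16) for t in tokens)
    return str(uuid.UUID(bytes_le=raw)).upper()


def yara_strings_for_guid(name: str, guid_text: str) -> str:
    """Emit both forms a sample may carry: the binary struct passed to
    CoCreateInstance, and the text form passed to CLSIDFromString."""
    text_form = "{" + uuid.UUID(guid_text).hex.upper() + "}"
    text_form = str(uuid.UUID(guid_text)).upper()
    return (
        f"${name}_bin = {{ {guid_to_yara_hex(guid_text)} }}\n"
        f"${name}_txt = \"{{{text_form}}}\" ascii wide nocase"
    )


# The four $clsid patterns from the rule above, copied verbatim.
RULE_CLSIDS = {
    "$clsid1": "{11 F8 90 45 3A 1D D0 11 89 1F 00 AA 00 4B 2E 24}",
    "$clsid2": "{98 66 4B 67 92 EE D0 11 AD 71 00 C0 4F D8 FD FF}",
    "$clsid3": "{87 A6 12 DC 7F 73 CF 11 88 4D 00 AA 00 4B 2E 24}",
    "$clsid4": "{74 A6 AC 44 FC E8 D0 11 A0 7C 00 C0 4F B6 88 20}",
}


def decode_rule_clsids(patterns=RULE_CLSIDS) -> dict:
    """Map each rule string name to the GUID it matches."""
    return {name: yara_hex_to_guid(body) for name, body in patterns.items()}


def guid_matches_pattern(blob: bytes, guid_text: str) -> bool:
    """What the rule's hex string actually tests: the 16 raw bytes are present."""
    return uuid.UUID(guid_text).bytes_le in blob


# Constructed sample: padding around one embedded GUID struct (not real malware data).
SAMPLE_BLOB = (
    b"\x00" * 7
    + uuid.UUID("4590F811-1D3A-11D0-891F-00AA004B2E24").bytes_le
    + b"\xff" * 3
)

if __name__ == "__main__":
    for name, guid in decode_rule_clsids().items():
        print(f"{name} -> {guid}")
    print(yara_strings_for_guid("wbem_locator", "4590F811-1D3A-11D0-891F-00AA004B2E24"))
    print(guid_matches_pattern(SAMPLE_BLOB, "4590F811-1D3A-11D0-891F-00AA004B2E24"))
```

Running this on the rule's patterns gives the WMI locator and context CLSIDs/IIDs, which is how to check that a hex string in a shared rule matches the API the analysis claims. Keep both the binary and the text form when you write your own rule: a sample that resolves its interfaces through CLSIDFromString("{...}") carries the GUID as a string, not as the struct the hex pattern expects.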
D1T2 - Windows Syscalls in Shellcode - Advanced Techniques for Malicious Functionality - Bramwell Brizendine.pdf
Projects on undocumented Windows APIs, a keylogger PoC, and a DLL injection PoC.
Based off of a Defcon workshop.
Name: Windows System Programming
Requirements: C, Windows internals (structures, etc.)
Level: Intermediate to Advanced
Author: Johnson M. Hart
Table of Contents:
1- Getting Started with Windows
2- Using the Windows File System and Character I/O
3- Advanced File and Directory Processing, and the Registry
4- Exception Handling
5- Memory Management, Memory-Mapped Files, and DLLs
6- Process Management
7- Threads and Scheduling
8- Thread Synchronization
9- Locking, Performance, and NT6 Enhancements
10- Advanced Thread Synchronization
11- Interprocess Communication
12- Network Programming with Windows Sockets
13- Windows Services
14- Asynchronous Input/Output and Completion Ports
15- Securing Windows Objects
16- Using the Sample Programs
17- Source Code Portability: Windows, UNIX, and Linux
18- Performance Results
Name: Mach-O Runtime and File Format Reference
Requirements: Compiling Steps, C Programming
Level: Intermediate
Author: Apple Inc.
Contents Index:
1 - Overview of Runtime Architecture
2 - Building Mach-O Files
3 - Executing Mach-O Files
4 - Loading Code At Runtime
5 - Runtime Conventions for PowerPC
6 - Data Types
7 - Data Alignment
8 - Stack Structure
9 - Routine Calls
10 - Dynamic Code Generation
11 - Mach-O File Format Reference
12 - Mach-O Header Data Structure
13 - Load Command Data Structures
14 - Symbol Table and Related Data Structures
15 - Relocation Data Structures
16 - Static Archive Libraries
17 - Multi-CPU Architecture Files
#apple #mac #mach_o #reverse_engineering #binary #paper #resource
Repost from کانال بایت امن
#Tools
CM64, an x64 freezer/debugger for Windows.
Features:
- Simple and familiar user interface
- Hex-based expression parser
- Full-featured kernel memory edit, save and load
- Follow jump and back
- Memory map
- Modules and thread view
- Register view
- Full memory search
- Fast assembler/disassembler (Zydis 4.0.0)
- Plugin support with growing API
- ASCII/Hex memory dump
- Dynamic stack view
- Executable patching
- Game cheat engine trainer
- Full IO ports read and write
- Windows service API investigator
- Save and load binary files
- Virtual / physical address converter and mapper
- Full PCI bus viewer
- Full kernel drivers structure viewer
- Full user mode processes structure viewer
- Full system BIOS structure viewer
- System ACPI structure viewer
- Special boot control feature
- Debug Windows kernel and processes without the Windows global flag enabled or any process in debug mode
🦅 کانال بایت امن | گروه بایت امن
Repost from Network books
Year: 2024
Pages: 616
#security
#cybersecurity
#Cryptography