SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866)

SynAck is a variant of Trojan ransomware that has targeted mainly English-speaking users since at least fall 2017. (Citation: SecureList SynAck Doppelgänging May 2018) (Citation: Kaspersky Lab SynAck May 2018)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | 1 |
| System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) | Attack Pattern | SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | 1 |
| Process Doppelgänging - T1055.013 (7007935a-a8a7-4c0b-bd98-4e85be8ed197) | Attack Pattern | SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | 1 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | 1 |
| Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | 1 |
| SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |
| SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) | Attack Pattern | 1 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | 1 |
| Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) | Attack Pattern | SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | 1 |
| SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | 1 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | 1 |
| SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | 1 |
| SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | 1 |
| SynAck - S0242 (04227b24-7817-4de1-9050-b7b1b57f5866) | Malware | Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) | Attack Pattern | 1 |
| System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) | Attack Pattern | System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) | Attack Pattern | 2 |
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | Process Doppelgänging - T1055.013 (7007935a-a8a7-4c0b-bd98-4e85be8ed197) | Attack Pattern | 2 |
| Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) | Attack Pattern | System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | 2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) | Attack Pattern | 2 |