General

Target: SOL_CLI_0.0.9_Beta.zip
Size: 41.5MB
Sample: 220522-smve4adhej
MD5: ed49f66c718a556b0c537d57361bc5eb
SHA1: 0c185d6ac2b298028b1ae19b1c28810a7447c281
SHA256: 55fae20f81e17fc65703ed38df8a88fcc9102672983d3ecee931ecbdf2613602
SHA512: 5a4e349cde49672e22c4f8079a7b89c863cf273333fa1d681db9e9119a94dd4344d26d00f1bc4fddea0b7292ccd3fb4439da324d26bed37a01747125ecda7a69
Static task: static1
Behavioral task: behavioral1 (sample SOLCLI.exe, resource win7-20220414-en)
Behavioral task: behavioral2 (sample SOLCLI.exe, resource win10v2004-20220414-en)
Behavioral task: behavioral3 (sample SecondaryHelper.exe, resource win7-20220414-en)
Behavioral task: behavioral4 (sample SecondaryHelper.exe, resource win10v2004-20220414-en)

Malware Config
Targets

Target: SOLCLI.exe
Size: 37.3MB
MD5: 52e9c4c727db287781032d1745ca04ca
SHA1: 23c60be138e56e5962fb3c615043bbf922dff719
SHA256: 4b46b9442ea49e13716d66198de6cf7ec42ae3c2c2631ee35e900784a2a22efe
SHA512: 104158929d0377fd09b04397d4c18c0c9075ed3811ff642dffa4da7d357dbd8c9808ca536c9448dc53332c73e569b94f8c2f132c9638d19024bb085c01ddedcf

Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
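The two registry checks flagged above (ACPI table OEM IDs and BIOS strings), re-implemented in Python as an added example. This is not code from SOLCLI.exe or from the sandbox; it reads the same well-known locations a VirtualBox guest exposes (ACPI tables registered with OEM ID VBOX__, BIOS strings containing VBOX, VirtualBox or innotek) and reports which check fired where. The snapshot layout, the sample values and the markers for hypervisors other than VirtualBox are this example's own assumptions, not taken from the report.

```python
"""Registry-based VM/sandbox detection of the kind the report flags for SOLCLI.exe.

Added example, not code from the sample or from the sandbox. It re-implements the
two checks as a defender would: enumerate the ACPI table OEM IDs under
HKLM\\HARDWARE\\ACPI and read the BIOS strings under HKLM\\HARDWARE\\DESCRIPTION\\System,
then look for hypervisor markers. Snapshot layout and sample values are constructed.
"""
import platform
from typing import Dict, List, Tuple, Union

# key path -> subkey names (ACPI tables) or value name -> data (BIOS strings)
Snapshot = Dict[str, Union[List[str], Dict[str, str]]]
Finding = Tuple[str, str, str]  # (check, registry location, product)

# VirtualBox registers its ACPI tables under these keys with OEM ID "VBOX__".
ACPI_TABLE_KEYS = (r"HARDWARE\ACPI\DSDT", r"HARDWARE\ACPI\FADT", r"HARDWARE\ACPI\RSDT")
# BIOS description values that hypervisors stamp with their own strings.
BIOS_VALUES = {
    r"HARDWARE\DESCRIPTION\System": ("SystemBiosVersion", "VideoBiosVersion"),
    r"HARDWARE\DESCRIPTION\System\BIOS": ("SystemManufacturer", "SystemProductName", "BIOSVendor"),
}
# Upper-cased marker -> product. The VirtualBox rows are what the report's signature
# targets; the others extend the same idea to other hypervisors (assumed marker strings).
MARKERS = {
    "VBOX": "VirtualBox", "VIRTUALBOX": "VirtualBox", "INNOTEK": "VirtualBox",
    "VMWARE": "VMware", "VRTUAL": "Hyper-V", "BOCHS": "QEMU", "QEMU": "QEMU",
}


def _product(text: str) -> str:
    """Name the hypervisor a registry string points at, or "" for none."""
    upper = text.upper()
    return next((p for m, p in MARKERS.items() if m in upper), "")


def scan_snapshot(snap: Snapshot) -> List[Finding]:
    """Run both checks over a snapshot; one finding per matching location."""
    findings: List[Finding] = []
    for key in ACPI_TABLE_KEYS:  # "Identifies VirtualBox via ACPI registry values"
        for oem_id in snap.get(key, []):
            product = _product(oem_id)
            if product:
                findings.append(("acpi", key + "\\" + oem_id, product))
    for key, names in BIOS_VALUES.items():  # "Checks BIOS information in registry"
        values = snap.get(key, {})
        for name in names:
            product = _product(str(values.get(name, "")))
            if product:
                findings.append(("bios", key + "\\" + name, product))
    return findings


def products(findings: List[Finding]) -> List[str]:
    """Distinct hypervisors named by the findings, sorted."""
    return sorted({product for _, _, product in findings})


def read_live_snapshot() -> Snapshot:
    """Collect the same keys from the running Windows host; empty on other OSes."""
    snap: Snapshot = {}
    if platform.system() != "Windows":
        return snap
    import winreg  # Windows-only module, so imported lazily
    for key in ACPI_TABLE_KEYS:
        subkeys: List[str] = []
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as h:
                for i in range(winreg.QueryInfoKey(h)[0]):  # [0] = subkey count
                    subkeys.append(winreg.EnumKey(h, i))
        except OSError:
            pass
        snap[key] = subkeys
    for key, names in BIOS_VALUES.items():
        values: Dict[str, str] = {}
        for name in names:
            try:
                with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as h:
                    data, _ = winreg.QueryValueEx(h, name)
                values[name] = " ".join(data) if isinstance(data, list) else str(data)
            except OSError:
                pass
        snap[key] = values
    return snap


# Constructed snapshot of a VirtualBox guest (illustrative values, not from the report).
VBOX_GUEST: Snapshot = {
    r"HARDWARE\ACPI\DSDT": ["VBOX__"], r"HARDWARE\ACPI\FADT": ["VBOX__"], r"HARDWARE\ACPI\RSDT": ["VBOX__"],
    r"HARDWARE\DESCRIPTION\System": {"SystemBiosVersion": "VBOX   - 1",
                                      "VideoBiosVersion": "Oracle VM VirtualBox VBE Adapter"},
    r"HARDWARE\DESCRIPTION\System\BIOS": {"SystemManufacturer": "innotek GmbH",
                                           "SystemProductName": "VirtualBox", "BIOSVendor": "innotek GmbH"},
}
# Constructed snapshot of a physical workstation: no markers, so no findings.
BARE_METAL: Snapshot = {
    r"HARDWARE\ACPI\DSDT": ["ALASKA"], r"HARDWARE\ACPI\FADT": ["ALASKA"], r"HARDWARE\ACPI\RSDT": ["ALASKA"],
    r"HARDWARE\DESCRIPTION\System": {"SystemBiosVersion": "ALASKA - 1072009", "VideoBiosVersion": "Intel Video BIOS"},
    r"HARDWARE\DESCRIPTION\System\BIOS": {"SystemManufacturer": "Example Inc.",
                                           "SystemProductName": "Workstation 1", "BIOSVendor": "Example Inc."},
}

if __name__ == "__main__":
    for label, snap in (("constructed VirtualBox guest", VBOX_GUEST),
                        ("constructed bare metal", BARE_METAL), ("this host", read_live_snapshot())):
        found = scan_snapshot(snap)
        print(f"{label}: {products(found) or 'no hypervisor markers'}")
        for check, where, product in found:
            print(f"  [{check}] {where} -> {product}")
```

Run on a VirtualBox analysis VM, the "this host" section shows exactly the locations the sample would have read; hardening such a VM means changing these strings (ACPI OEM IDs via the VBoxManage DMI/ACPI settings, BIOS strings via the DMI settings) until the scan reports nothing, which is also a quick way to test whether a sandbox image is evadable by this signature.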
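What the "Suspicious use of NtSetInformationThreadHideFromDebugger" signature refers to, shown from both sides as an added example that is not code from the sample or from the sandbox: the call itself (NtSetInformationThread with ThreadInformationClass ThreadHideFromDebugger, value 0x11, which stops an attached debugger from receiving the thread's exceptions), and the check a sandbox or EDR applies to its API trace to raise that signature. The trace-line format and the sample lines are this example's own construction, not the sandbox's export format.

```python
"""ThreadHideFromDebugger, from the caller's and the monitor's side.

Added example, not code from the sample or from the sandbox. NtSetInformationThread(
hThread, ThreadHideFromDebugger = 0x11, NULL, 0) detaches the thread from debugger
event delivery, so its exceptions and breakpoints no longer reach an attached debugger.
The trace-line format below is this example's own convention; the lines are constructed.
"""
import ctypes
import platform
import re
from typing import List, Optional

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value 17


def hide_current_thread_from_debugger() -> Optional[int]:
    """Issue the flagged call for the calling thread; NTSTATUS, or None off Windows."""
    if platform.system() != "Windows":
        return None
    ntdll = ctypes.WinDLL("ntdll")
    kernel32 = ctypes.WinDLL("kernel32")
    kernel32.GetCurrentThread.restype = ctypes.c_void_p
    ntdll.NtSetInformationThread.restype = ctypes.c_long  # NTSTATUS
    ntdll.NtSetInformationThread.argtypes = [ctypes.c_void_p, ctypes.c_uint,
                                             ctypes.c_void_p, ctypes.c_ulong]
    # This class takes no buffer: ThreadInformation is NULL and the length must be 0.
    return ntdll.NtSetInformationThread(kernel32.GetCurrentThread(),
                                        THREAD_HIDE_FROM_DEBUGGER, None, 0)


# Monitor side: the shape of line an API tracer would emit (constructed format).
TRACE_RE = re.compile(r"tid=(?P<tid>\d+) api=(?P<api>\w+) .*?"
                      r"ThreadInformationClass=(?P<cls>0x[0-9A-Fa-f]+|\d+)")


def threads_hidden_from_debugger(trace: List[str]) -> List[int]:
    """Thread IDs that called NtSetInformationThread with class ThreadHideFromDebugger."""
    tids: List[int] = []
    for line in trace:
        m = TRACE_RE.search(line)
        if m is None or m.group("api") != "NtSetInformationThread":
            continue  # other APIs, and NtQuery* of the same class, are not this signature
        tid = int(m.group("tid"))
        if int(m.group("cls"), 0) == THREAD_HIDE_FROM_DEBUGGER and tid not in tids:
            tids.append(tid)
    return tids


# Constructed API trace: two threads hide themselves (decimal and hex class values),
# one legitimate priority change, one query of the same class, one unrelated call.
SAMPLE_TRACE = [
    "pid=2412 tid=2416 api=NtSetInformationThread args=(ThreadHandle=0xfffffffe, "
    "ThreadInformationClass=2, ThreadInformation=0x19f8c4, ThreadInformationLength=4) ret=0x0",
    "pid=2412 tid=2416 api=NtSetInformationThread args=(ThreadHandle=0xfffffffe, "
    "ThreadInformationClass=17, ThreadInformation=0x0, ThreadInformationLength=0) ret=0x0",
    "pid=2412 tid=2420 api=NtQueryInformationThread args=(ThreadHandle=0xfffffffe, "
    "ThreadInformationClass=17, ThreadInformation=0x19f8c0, ThreadInformationLength=1) ret=0x0",
    "pid=2412 tid=2420 api=NtSetInformationThread args=(ThreadHandle=0x1a8, "
    "ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0) ret=0x0",
    "pid=2412 tid=2416 api=CreateFileW args=(FileName=C:\\Users\\Admin\\AppData\\Local\\Temp\\helper.dll) ret=0x1b4",
]

if __name__ == "__main__":
    print("threads hidden from debugger in constructed trace:", threads_hidden_from_debugger(SAMPLE_TRACE))
    status = hide_current_thread_from_debugger()
    print("live call:", "not on Windows" if status is None else f"NTSTATUS 0x{status & 0xFFFFFFFF:08x}")
```

The monitor-side check keys on the class value rather than the function name alone, because NtSetInformationThread is also used for ordinary thread priority and affinity changes; only class 0x11 is the anti-debugging case the report flags.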

Target: SecondaryHelper.exe
Size: 8.8MB
MD5: ef14d140b49303d88173373c02a969e6
SHA1: 5e139c41d0ea64671a5aaff4f48b6489f6d57ad9
SHA256: 24109e07571e6bce202c94963cdba5d3bc41803a6dc64a9bc58206471bc14b30
SHA512: a2e783c06ffaba5eb062e5892e10b79a43ad0d7a1f896ec34a41bfc7766dec5dbd3d1a50ff35dd7f5e58c52d6c171b1020f0cf3bc74fe5eb5d0ba7f7dc8ab05c

Score: 1/10