Overview

overview

9

Static

static

3

SOLCLI.exe

windows7_x64

7

SOLCLI.exe

windows10-2004_x64

9

SecondaryHelper.exe

windows7_x64

1

SecondaryHelper.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SOL_CLI_0.0.9_Beta.zip

  • Size

    41.5MB

  • Sample

    220522-smve4adhej

  • MD5

    ed49f66c718a556b0c537d57361bc5eb

  • SHA1

    0c185d6ac2b298028b1ae19b1c28810a7447c281

  • SHA256

    55fae20f81e17fc65703ed38df8a88fcc9102672983d3ecee931ecbdf2613602

  • SHA512

    5a4e349cde49672e22c4f8079a7b89c863cf273333fa1d681db9e9119a94dd4344d26d00f1bc4fddea0b7292ccd3fb4439da324d26bed37a01747125ecda7a69

Score
9/10
evasionpyinstallerthemidatrojan

Malware Config

Targets

    • Target

      SOLCLI.exe

    • Size

      37.3MB

    • MD5

      52e9c4c727db287781032d1745ca04ca

    • SHA1

      23c60be138e56e5962fb3c615043bbf922dff719

    • SHA256

      4b46b9442ea49e13716d66198de6cf7ec42ae3c2c2631ee35e900784a2a22efe

    • SHA512

      104158929d0377fd09b04397d4c18c0c9075ed3811ff642dffa4da7d357dbd8c9808ca536c9448dc53332c73e569b94f8c2f132c9638d19024bb085c01ddedcf

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      SecondaryHelper.exe

    • Size

      8.8MB

    • MD5

      ef14d140b49303d88173373c02a969e6

    • SHA1

      5e139c41d0ea64671a5aaff4f48b6489f6d57ad9

    • SHA256

      24109e07571e6bce202c94963cdba5d3bc41803a6dc64a9bc58206471bc14b30

    • SHA512

      a2e783c06ffaba5eb062e5892e10b79a43ad0d7a1f896ec34a41bfc7766dec5dbd3d1a50ff35dd7f5e58c52d6c171b1020f0cf3bc74fe5eb5d0ba7f7dc8ab05c

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks