General
Target: solara3.1.zip
Size: 93KB
Sample: 240520-mh46vafd42
MD5: 067524d2b7c1e7575b1ff841b854e55e
SHA1: 2253f3710d8641c262d232dcf31b9e8234c04026
SHA256: 2df439e8c9ee999f550f555e938904fcc435aa9836fbb6c962c41d8b99002c50
SHA512: adb6e1dbe47a78e0c828b886a9d34d125e8fb7724d63d27a717fff878b399de12a1ca94d5c9f935c168aead1c0f1bed407e869bca9cab5aa0f85d651463e317a
SSDEEP: 1536:nRFNh4zuKupSGyhUnVMaOBNkTCcQ86gAAaV7O6pwK9nTx/nR7sdDHtFo15F8S41y:nnz4nGyhUCa1TS/A266b/nR7SNWd8H1y
Malware Config
Extracted family: umbral
Discord webhook: https://discordapp.com/api/webhooks/1218996541960753294/boru4OIiPZlcyQ-ZGV0nkmj3mwQ4Plfv_FNHDZjSkufOGGGnNhBMqMsXP44o9KmN4QSW
Targets
Target: solara3.1.exe
Size: 231KB
MD5: 7340ffe16733c99a8f1904d4594951d6
SHA1: 1522dc62d3f4658d50f48739eb9657f4b736be3d
SHA256: b5f99328387778a288470830b0e6aaaf401a55c23cd042e2a78041e10ea343b1
SHA512: 9d8bc3b2476c0b9499762f9cff98b3df0ef9d478f976f74a30c534fd2d09b2e14883db6c5485b5df6a9e527b5945c12f326ecc1eb4fae54c1561a0159a086245
SSDEEP: 6144:RloZM3fsXtioRkts/cnnK6cMlXrLwEKtFudr20VJgkTb8e1mCi:joZ1tlRk83MlXrLwEKtFudr20VJgek
- Detect Umbral payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
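The two findings above that a defender can act on directly are the Discord webhook used as the exfiltration channel and the PowerShell that adds Defender exclusions. The script below is an added example, not code from this report or from the Umbral project: one function pulls Discord webhook URLs out of a string dump or raw file bytes, searching both ASCII and UTF-16LE on the assumption that the stealer is a .NET binary whose string heap is UTF-16LE; the other flags process command lines that add exclusions via Add-MpPreference or Set-MpPreference, including ones hidden behind -EncodedCommand. The string blob and command lines it runs over are constructed for the example, except for the first webhook, which is the one from the extracted config above; the second webhook and the paths are made up.

```python
"""Added example (not part of the sandbox report or the Umbral project).

  * extract_discord_webhooks(): webhook URLs from a string dump / raw bytes,
    searching ASCII and UTF-16LE (assumption: .NET binary, UTF-16LE strings).
  * find_defender_exclusions(): command lines that add Defender exclusions,
    with -EncodedCommand payloads decoded first.
"""
import base64
import re

# Discord webhook URL: numeric channel id, then the secret token.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/(\d+)/([A-Za-z0-9_\-]+)"
)


def extract_discord_webhooks(data: bytes) -> list:
    """Return unique webhooks in `data` as dicts with url/id/token, sorted by id."""
    found = {}
    # Pass 1: bytes as 8-bit text; passes 2-3: UTF-16LE at both byte alignments.
    candidates = [data.decode("latin-1")]
    for offset in (0, 1):
        candidates.append(data[offset:].decode("utf-16-le", errors="ignore"))
    for text in candidates:
        for m in WEBHOOK_RE.finditer(text):
            found[(m.group(1), m.group(2))] = {
                "url": m.group(0), "id": m.group(1), "token": m.group(2)}
    return sorted(found.values(), key=lambda w: w["id"])


# -e / -ec / -enc / -EncodedCommand followed by base64 of UTF-16LE script text.
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
MPPREF_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
# One parameter value: single-quoted, double-quoted, or a bare token.
_VALUE = r"(?:'[^']*'|\"[^\"]*\"|[^\s,;|]+)"
EXCL_RE = re.compile(
    r"-Exclusion(Path|Extension|Process)\s+(" + _VALUE + r"(?:\s*,\s*" + _VALUE + r")*)",
    re.IGNORECASE,
)
_VALUE_RE = re.compile(_VALUE)


def decode_encoded_command(cmdline: str) -> str:
    """Return the UTF-16LE plaintext of an -EncodedCommand payload, else the input."""
    m = ENC_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline


def find_defender_exclusions(cmdlines) -> list:
    """Return one dict (line, kind, value) per exclusion added by the command lines."""
    hits = []
    for idx, raw in enumerate(cmdlines):
        cmd = decode_encoded_command(raw)
        if not MPPREF_RE.search(cmd):  # Get-MpPreference etc. is not a change
            continue
        for m in EXCL_RE.finditer(cmd):
            for value in _VALUE_RE.findall(m.group(2)):
                hits.append({"line": idx, "kind": m.group(1).capitalize(),
                             "value": value.strip("'\"")})
    return hits


# Constructed string dump: junk, the webhook from the extracted config (ASCII),
# then a made-up webhook stored UTF-16LE the way a .NET string heap would.
SAMPLE_STRINGS = (
    b"\x00junk\x00"
    b"https://discordapp.com/api/webhooks/1218996541960753294/"
    b"boru4OIiPZlcyQ-ZGV0nkmj3mwQ4Plfv_FNHDZjSkufOGGGnNhBMqMsXP44o9KmN4QSW"
    b"\x00\x00"
    + "https://discord.com/api/webhooks/1111/tok_EN-2".encode("utf-16-le")
    + b"\x00"
)

# Constructed command lines: benign read, an exclusion-adding stage, and the
# same kind of command hidden behind -enc.
_ENCODED = base64.b64encode(
    'Add-MpPreference -ExclusionPath "C:\\ProgramData"'.encode("utf-16-le")
).decode("ascii")
SAMPLE_CMDLINES = [
    'powershell.exe -NoProfile -Command "Get-MpPreference"',
    r'''powershell.exe -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Users\victim\AppData\Local\Temp', 'C:\Windows\System32\drivers' -ExclusionProcess solara3.1.exe -ExclusionExtension .exe"''',
    "powershell.exe -NoProfile -enc " + _ENCODED,
]

if __name__ == "__main__":
    for hook in extract_discord_webhooks(SAMPLE_STRINGS):
        print("webhook:", hook["id"], hook["token"][:8] + "...")
    for hit in find_defender_exclusions(SAMPLE_CMDLINES):
        print("exclusion:", hit)
```

Both checks are intentionally tolerant: the webhook search tries both UTF-16LE alignments so it does not depend on where the string heap starts, and the exclusion parser only reports a hit once it has decoded any -EncodedCommand payload, since a base64 blob in the command line is otherwise invisible to a plain string match.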