General
Target: Solara_Installer.exe
Size: 16.0MB
Sample: 240521-jz19qsea41
MD5: dbbc481dabc773c2aef2fa9061545e2e
SHA1: c637bcea97f81ae80c48cca29ef44d8f46d80fd9
SHA256: 4912f115f5daf63bd8c18e4b7c5d231ab2279ae561b188f51200ead6029293b7
SHA512: c44d8b6cfb3f7597315af2be4aa1b5513da305807c2abceb999b8ffe9b773ff515d1974152e06eb1e054ad74cca2a2acf23524bb1a8c1f981b309837ae4e4a25
SSDEEP: 393216:oC2kpfKq5Rp0Md0j/nL/oq58W+0krTXMa3xsAVd:ykpCqB7d0bqPHTN3xZd
Static task: static1
Behavioral task: behavioral1
  Sample: Solara_Installer.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: Solara_Installer.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted
Family: redline
Botnet: 6077866846_99
C2: https://pastebin.com/raw/8baCJyMF
Note that the C2 entry is a Pastebin raw-paste URL rather than a host:port. RedLine builds configured this way use the paste as a dead-drop resolver and fetch the live C2 address from it at runtime, so the paste, not a fixed server, is the indicator to block and hunt for; this is what the "legitimate hosting services abused for malware hosting/C2" signature below refers to.
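The four digests and the C2 URL above are the indicators a responder matches against local evidence. As an added example that is not part of the Triage report, the following Python checks a file against all four digests in one streaming pass (the sample is 16 MB, so it is not loaded whole) and scans proxy-style log lines for Pastebin raw URLs, flagging the exact paste named in the extracted config. The file bytes and log lines are constructed stand-ins, not the real sample or real traffic.

```python
"""Added example, not part of the Triage report: match a local file and some
proxy log lines against the indicators listed in the report above."""
import hashlib
import re

# Indicators copied verbatim from the report above.
REPORT_HASHES = {
    "md5": "dbbc481dabc773c2aef2fa9061545e2e",
    "sha1": "c637bcea97f81ae80c48cca29ef44d8f46d80fd9",
    "sha256": "4912f115f5daf63bd8c18e4b7c5d231ab2279ae561b188f51200ead6029293b7",
    "sha512": "c44d8b6cfb3f7597315af2be4aa1b5513da305807c2abceb999b8ffe9b773ff"
              "515d1974152e06eb1e054ad74cca2a2acf23524bb1a8c1f981b309837ae4e4a25",
}
REPORT_C2_URL = "https://pastebin.com/raw/8baCJyMF"
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers at once, so a large sample is read exactly once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(observed: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm, case-insensitive comparison. One algorithm matching while the
    others do not points at a transcription error in the IOC, not at a different file."""
    return {name: observed.get(name, "").lower() == digest.lower()
            for name, digest in expected.items()}


def is_report_sample(observed: dict) -> bool:
    """True only when every listed digest agrees."""
    return all(match_hashes(observed).values())


# Any raw paste, not just the one in the config: a new paste ID is the expected
# way for this dead-drop style of C2 to rotate.
C2_PATTERN = re.compile(r"https?://pastebin\.com/raw/[A-Za-z0-9]+")


def scan_log_lines(lines):
    """Return (line_no, url, is_report_c2) for every Pastebin raw URL seen."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in C2_PATTERN.finditer(line):
            hits.append((n, m.group(0), m.group(0) == REPORT_C2_URL))
    return hits


# Constructed inputs so the script runs stand-alone (not the real sample or real logs).
CONSTRUCTED_FILE = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not the real sample"
CONSTRUCTED_LOG = [
    "2024-05-21T10:00:01Z 10.0.0.5 GET https://pastebin.com/raw/8baCJyMF 200",
    "2024-05-21T10:00:02Z 10.0.0.5 GET https://example.com/ 200",
    "2024-05-21T10:00:03Z 10.0.0.7 GET https://pastebin.com/raw/AbCdEf12 200",
]

if __name__ == "__main__":
    print("constructed file is the report sample:",
          is_report_sample(hash_bytes(CONSTRUCTED_FILE)))
    for hit in scan_log_lines(CONSTRUCTED_LOG):
        print(hit)
```

For a real file, call `hash_file(path)` instead of `hash_bytes`; the per-algorithm result from `match_hashes` is worth keeping rather than collapsing to a boolean, because SSDEEP is the only listed digest that tolerates a repacked or appended variant, and this script deliberately does not compute it.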
Targets
Target: Solara_Installer.exe (16.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check so the stealer can skip hosts in excluded regions
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext (a call pattern used by process hollowing and thread hijacking to run injected code)