General
-
Target
SolaraB.zip
-
Size
5KB
-
Sample
240521-x4rsrafh81
-
MD5
5d2a15f24ed13751ff2989cf63c0dc04
-
SHA1
45cf00964e4c7fcd406545db0240b043e2172d5a
-
SHA256
b20a675a73f1940c54dda5cad8f5455bf4baa31d77edce3f391b12995d0abe85
-
SHA512
97ae56f951abfaffa5c8318f5103cfca3b7165b37d3ca84c9939b4f415e03fba782aeca9eba325bd2687e9fcfac315a2854a5b85a7316ac5e8890cd38cf7b7e9
-
SSDEEP
96:ZrIWVVuu0w2xd9smXZPc3cRVfUsFaU/kJp3/RmjhGd3yHcITnOyB4juB/wSySo:Zkhd9sGZPtRSwa6cpPRCAdCHcITrBhIz
Static task
static1
Malware Config
Targets
-
-
Target
SolaraB/Solara/SolaraBootstrapper.exe
-
Size
12KB
-
MD5
74494703e5f44eeb9aa037f0f50bf682
-
SHA1
fcfd8813e63cd61c5bfd2db605827fb9070fe8e9
-
SHA256
3e4f692506d372bebc12d344c5f1543b67fa1dbe095c910aab78456510d7fe66
-
SHA512
dbd2a8d928c797c70c4286d8ebabe202902445ed60e94eeccf33c7e3d794c7e362139187dcd1a57a4919503c1c791cfbe38f6f6eff454248382b3c4e023791fe
-
SSDEEP
192:WrnDHbLupIapaLPr/XKnxxTc1l6VXtrNjA:WrnzHUIapazzKxm1cVdZj
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-