General
-
Target
SolaraB.zip
-
Size
5KB
-
Sample
240522-f2vcesdd6v
-
MD5
c28893103f5e51ab91e36a083f8b5573
-
SHA1
7d2d2be83da6ab4a04abcf95473ce43e24e6255a
-
SHA256
aff796ebceec53197b5fa391d7693cd5577849d6528c4f22f9606f63dba6fa2d
-
SHA512
9322fc4099f07cb9a45b2965197653ed85c88661130d8f33268e2ec7a97dda014c76b8d9d218b3fbcdcee2597de0bf6325a9d4fdf3bd92cd00303baa47f36bf8
-
SSDEEP
96:gDvDM0etWUQ584M4Yikr0by9KQ/DYU32e2sez0:gDM4Y3r0W9dMe2su0
Static task
static1
Behavioral task
behavioral1
Sample
SolaraB/Solara/SolaraBootstrapper.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
SolaraB/Solara/SolaraBootstrapper.exe
-
Size
12KB
-
MD5
06f13f50c4580846567a644eb03a11f2
-
SHA1
39ee712b6dfc5a29a9c641d92c7467a2c4445984
-
SHA256
0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9
-
SHA512
f5166a295bb0960e59c176eefa89c341563fdf0eec23a45576e0ee5bf7e8271cc35eb9dd56b11d9c0bbe789f2eac112643108c46be3341fa332cfcf39b4a90b9
-
SSDEEP
192:cDnQvi7auc35nuKdhAWVIanaLvmr/XKTxnTc1BREVXLGDlNjA:cDn97auc35tAKIanayzKto1jEVQzj
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-