General

  • Target

    Solara.zip

  • Size

    459KB

  • Sample

    240523-adnl3sec57

  • MD5

    f80d19df4130f4f256dd7bb77be2bd97

  • SHA1

    76405c82897359aac6759c00987a793b827af9ed

  • SHA256

    f8418708394db6fca1994290189547aa62a581f0e9c2e8096a5837598b03f553

  • SHA512

    67c55202e1178f075d98b0b039afe70a5d43162171d9a225b3153ce115a36fbe1359c69366e5aae241720da9d4447d78e1e22487e716df569bcc0679fe65d5f8

  • SSDEEP

    12288:jkwRGLSTkqudsU0Yz3jBL75xwc4XscIFl4zA6fzvBL6:jkpSYquuKjRdxwr81FlQxfDx6

Score
8/10

Malware Config

Targets

    • Target

      Launcher.bat

    • Size

      717B

    • MD5

      7276179fc4a059776470985ee2959249

    • SHA1

      1b6841d675efe612159cc791a429daa39ddf59a7

    • SHA256

      92a928595aac4d6ffccd6e05635fdbb0b82fdac13e0f460eafa22e570d26bf07

    • SHA512

      5a833d7b50cc187363cdd1fda4c0dbf23afd30a29b3e107a33e72bb6ffc617a0fcf2b5f1098507111e2d7c55fbc726361e46e8691bf0d179fb920d1f86b4b6db

    Score
    8/10

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      lua51.dll

    • Size

      592KB

    • MD5

      3dff7448b43fcfb4dc65e0040b0ffb88

    • SHA1

      583cdab08519d99f49234965ffd07688ccf52c56

    • SHA256

      ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60

    • SHA512

      cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394

    • SSDEEP

      12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY

    Score
    3/10

    • Target

      luajit.exe

    • Size

      89KB

    • MD5

      dd98a43cb27efd5bcc29efb23fdd6ca5

    • SHA1

      38f621f3f0df5764938015b56ecfa54948dde8f5

    • SHA256

      1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a

    • SHA512

      871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0

    • SSDEEP

      1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (T1053), 1 occurrence

  • Persistence

    Scheduled Task/Job (T1053), 1 occurrence

  • Privilege Escalation

    Scheduled Task/Job (T1053), 1 occurrence

Tasks