Resubmissions

23-05-2024 04:07

240523-epy96sde44 9

General

  • Target

    SolaraBootstrapper.exe

  • Size

    12KB

  • Sample

    240523-epy96sde44

  • MD5

    06f13f50c4580846567a644eb03a11f2

  • SHA1

    39ee712b6dfc5a29a9c641d92c7467a2c4445984

  • SHA256

    0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9

  • SHA512

    f5166a295bb0960e59c176eefa89c341563fdf0eec23a45576e0ee5bf7e8271cc35eb9dd56b11d9c0bbe789f2eac112643108c46be3341fa332cfcf39b4a90b9

  • SSDEEP

    192:cDnQvi7auc35nuKdhAWVIanaLvmr/XKTxnTc1BREVXLGDlNjA:cDn97auc35tAKIanayzKto1jEVQzj

Malware Config

Targets

    • Target

      SolaraBootstrapper.exe

    • Size

      12KB

    • MD5

      06f13f50c4580846567a644eb03a11f2

    • SHA1

      39ee712b6dfc5a29a9c641d92c7467a2c4445984

    • SHA256

      0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9

    • SHA512

      f5166a295bb0960e59c176eefa89c341563fdf0eec23a45576e0ee5bf7e8271cc35eb9dd56b11d9c0bbe789f2eac112643108c46be3341fa332cfcf39b4a90b9

    • SSDEEP

      192:cDnQvi7auc35nuKdhAWVIanaLvmr/XKTxnTc1BREVXLGDlNjA:cDn97auc35tAKIanayzKto1jEVQzj

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks