Overview

overview

10

Static

static

3

Solara.zip

windows7-x64

1

Solara.zip

windows10-2004-x64

Launcher.bat

windows7-x64

6

Launcher.bat

windows10-2004-x64

10

log

windows7-x64

1

log

windows10-2004-x64

1

lua51.dll

windows7-x64

3

lua51.dll

windows10-2004-x64

3

luajit.exe

windows7-x64

1

luajit.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Solara.zip

  • Size

    459KB

  • Sample

    240524-zb6gjsab5t

  • MD5

    aae266dd3adeb883645fe988beb9f7f2

  • SHA1

    506b4535d398c8a8d807c155d8ab0cbd5e6b6829

  • SHA256

    00304df98f53530d2ec1f38078442f3eb70fe0ee7d915ce2268c754b126a963d

  • SHA512

    b2081e0abb302492c7a6f80af54360a2dd38160063f4a7c736dac6e36a543d62d114bdbabe650de68b42800be44af7681473c4b38eccbe115135e0b9e8880f6c

  • SSDEEP

    12288:hq4z/KNGAm2Zw3NNYLepb/x5HmhO3uu6ZWc/VWmJzFiW2/Y18j6:44TdrAgNYCxlm03uu6ZW2VWyQW9M6

Score
10/10
redlinediscoveryexecutioninfostealerspywarestealer

Malware Config

Targets

    • Target

      Solara.zip

    • Size

      459KB

    • MD5

      aae266dd3adeb883645fe988beb9f7f2

    • SHA1

      506b4535d398c8a8d807c155d8ab0cbd5e6b6829

    • SHA256

      00304df98f53530d2ec1f38078442f3eb70fe0ee7d915ce2268c754b126a963d

    • SHA512

      b2081e0abb302492c7a6f80af54360a2dd38160063f4a7c736dac6e36a543d62d114bdbabe650de68b42800be44af7681473c4b38eccbe115135e0b9e8880f6c

    • SSDEEP

      12288:hq4z/KNGAm2Zw3NNYLepb/x5HmhO3uu6ZWc/VWmJzFiW2/Y18j6:44TdrAgNYCxlm03uu6ZW2VWyQW9M6

    Score
    1/10
    behavioral1behavioral2

    • Target

      Launcher.bat

    • Size

      722B

    • MD5

      d3536bea5d026490a43f81ce81f8af36

    • SHA1

      9dfae9303c3cc6059dde651de143d692bd250715

    • SHA256

      e5ac9e35df655c6014503b3f3c0cf7beca2839798f973e031b353d8f58679bea

    • SHA512

      1fcd1685d10adb21011a7125dc75e8e1c39652bd04a13d511a8c4b7bea6fb8e1df7fd6c4289b6c754e658cd30d765952b8a2b985c66f58255f16ba59406df5a5

    Score
    10/10
    redlinediscoveryexecutioninfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

    • Target

      log

    • Size

      155KB

    • MD5

      ee48ea1bb05ba311a404f4ceb4dc260b

    • SHA1

      de40066072c928a1850298944fb561b3122476bd

    • SHA256

      6b60e51d5969097d58f1538d8af62e2c01196fb13b1cfef0413032b1c0bf799c

    • SHA512

      8d0e6b9f700a198e294ae6c20e92033581c4cc1340d2a17eb0e388fe205b79217478c15abeaef00173c3de07155aa5208f64c27b9ceaa0887147ac4ac16fcbc4

    • SSDEEP

      3072:aK7jsid/HtwyCBT2nPOT/DGvPo0KOHQ09ibJVwmJ6KvoK:HB6MbK10AMmJ6BK

    Score
    1/10
    behavioral5behavioral6

    • Target

      lua51.dll

    • Size

      592KB

    • MD5

      3dff7448b43fcfb4dc65e0040b0ffb88

    • SHA1

      583cdab08519d99f49234965ffd07688ccf52c56

    • SHA256

      ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60

    • SHA512

      cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394

    • SSDEEP

      12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY

    Score
    3/10
    behavioral7behavioral8

    • Target

      luajit.exe

    • Size

      89KB

    • MD5

      dd98a43cb27efd5bcc29efb23fdd6ca5

    • SHA1

      38f621f3f0df5764938015b56ecfa54948dde8f5

    • SHA256

      1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a

    • SHA512

      871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0

    • SSDEEP

      1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv

    Score
    1/10
    behavioral10behavioral9

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks