General
Target: Solara.zip
Size: 459KB
Sample: 240524-zb6gjsab5t
MD5: aae266dd3adeb883645fe988beb9f7f2
SHA1: 506b4535d398c8a8d807c155d8ab0cbd5e6b6829
SHA256: 00304df98f53530d2ec1f38078442f3eb70fe0ee7d915ce2268c754b126a963d
SHA512: b2081e0abb302492c7a6f80af54360a2dd38160063f4a7c736dac6e36a543d62d114bdbabe650de68b42800be44af7681473c4b38eccbe115135e0b9e8880f6c
SSDEEP: 12288:hq4z/KNGAm2Zw3NNYLepb/x5HmhO3uu6ZWc/VWmJzFiW2/Y18j6:44TdrAgNYCxlm03uu6ZW2VWyQW9M6
Static task
static1

Behavioral tasks
Task           Sample         Resource
behavioral1    Solara.zip     win7-20240221-en
behavioral2    Solara.zip     win10v2004-20240508-en
behavioral3    Launcher.bat   win7-20231129-en
behavioral4    Launcher.bat   win10v2004-20240508-en
behavioral5    log            win7-20240221-en
behavioral6    log            win10v2004-20240426-en
behavioral7    lua51.dll      win7-20240220-en
behavioral8    lua51.dll      win10v2004-20240508-en
behavioral9    luajit.exe     win7-20240508-en
behavioral10   luajit.exe     win10v2004-20240426-en
Malware Config

Targets

Target: Solara.zip (size and hashes as listed under General above)
Score: 1/10

Target: Launcher.bat
Size: 722B
MD5: d3536bea5d026490a43f81ce81f8af36
SHA1: 9dfae9303c3cc6059dde651de143d692bd250715
SHA256: e5ac9e35df655c6014503b3f3c0cf7beca2839798f973e031b353d8f58679bea
SHA512: 1fcd1685d10adb21011a7125dc75e8e1c39652bd04a13d511a8c4b7bea6fb8e1df7fd6c4289b6c754e658cd30d765952b8a2b985c66f58255f16ba59406df5a5
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext

Target: log
Size: 155KB
MD5: ee48ea1bb05ba311a404f4ceb4dc260b
SHA1: de40066072c928a1850298944fb561b3122476bd
SHA256: 6b60e51d5969097d58f1538d8af62e2c01196fb13b1cfef0413032b1c0bf799c
SHA512: 8d0e6b9f700a198e294ae6c20e92033581c4cc1340d2a17eb0e388fe205b79217478c15abeaef00173c3de07155aa5208f64c27b9ceaa0887147ac4ac16fcbc4
SSDEEP: 3072:aK7jsid/HtwyCBT2nPOT/DGvPo0KOHQ09ibJVwmJ6KvoK:HB6MbK10AMmJ6BK
Score: 1/10

Target: lua51.dll
Size: 592KB
MD5: 3dff7448b43fcfb4dc65e0040b0ffb88
SHA1: 583cdab08519d99f49234965ffd07688ccf52c56
SHA256: ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60
SHA512: cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394
SSDEEP: 12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY
Score: 3/10

Target: luajit.exe
Size: 89KB
MD5: dd98a43cb27efd5bcc29efb23fdd6ca5
SHA1: 38f621f3f0df5764938015b56ecfa54948dde8f5
SHA256: 1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a
SHA512: 871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0
SSDEEP: 1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv
Score: 1/10