General
Target: SolaraBootstrapper.exe
Size: 20.6MB
Sample: 240526-zlnz9ace75
MD5: 85e8c5acfc113792ea950f0f9974dde6
SHA1: b98fd74d3e1f9277ba3fbdf70821c41bd8b553aa
SHA256: 6b5bc20646f1d8c2b40dcaa0d716d6fa8aa25589c54043cf0fa547a21d10fcf4
SHA512: 9e86d41b77de5e5290b3e66d75c620a2ca86d8166474ca743948b62e186d350433eecbd5c6c7212cdce24bf11d5ee7213127ecbd773ad9112af507747afeb021
SSDEEP: 393216:1o9DM45Ct55L1V8dkurEUWj+rM6EGPKSUuK+:a9NMXRndbmM64S7K+
Behavioral tasks
- behavioral1: Sample SolaraBootstrapper.exe, Resource win7-20240508-en
- behavioral2: Sample SolaraBootstrapper.exe, Resource win10v2004-20240508-en
- behavioral3: Sample SolaraBootstrapper.pyc, Resource win7-20231129-en
- behavioral4: Sample SolaraBootstrapper.pyc, Resource win10v2004-20240508-en
Malware Config
Targets

Target: SolaraBootstrapper.exe (same file and hashes as listed under General)
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.

Target: SolaraBootstrapper.pyc
Size: 44KB
MD5: 9f241419142904350c75b6b7efc989a5
SHA1: 3f17c020abcdc918171bd234dcfba603ac0dcf17
SHA256: 9aad9ba8c5c99d686bfe97c913e58c5490d7c1c00a66a03346f05c65aefafe69
SHA512: 80e688059f563e873685b522c428cd1df908affa462a507ba524916899fe4cbeb20df74958749f0389597bd92a67c17f81768537bf5184ff647c6088ccbb54dd
SSDEEP: 768:n9JWUQ4PFDea6iMVqD62oP2ASzvrLJHaj9bmJACa06hYFUDlhLx3QpJ6y:n9JWN0FDea9sG6sAg/J6j9xaUDlhLxA9

Score: 3/10