General
-
Target
Solara.exe
-
Size
63KB
-
Sample
240530-k7nt2sdg44
-
MD5
b0366ac55894b55435b8532d38d832eb
-
SHA1
4deadb6e63ed9a55613582f55d00260131af2f63
-
SHA256
ac8a918e84ef35d0f4c0c05f68f50ba8700f00b0e4af46e9b798d4aba9d818ff
-
SHA512
94b9689a365bd4491249e0ac4283a3829463753b60636edf655cd2bebb8fd63bd6bb5e2b44a4c2e82d22f9e308eeb475f25228dc6b62f4d5489d79208cc01a04
-
SSDEEP
1536:PZLydsig+nK5EzHRzEnlm32ErNZWLRJZ45J3q5fKAr1:esiRngORIl0rNkLRJZAJ6V5R
Static task
static1
Behavioral task
behavioral1
Sample
Solara.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Target
Solara.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-