bba9ee471147935cf964828b3b3c34baa045207b4fbe1c96743943f8cf71375c

Resubmissions

10/06/2024, 21:47

240610-1nn9ga1hqa 9

10/06/2024, 21:44

240610-1lmb4a1gqe 9

10/06/2024, 21:40

240610-1jlmsascln 9

Sharing

Copy URL Twitter E-mail

General

Target

Solara-main (2).zip
Size

14.6MB
Sample

240610-1lmb4a1gqe
MD5

6b1d4d347523de7994c30aafa136b758
SHA1

a900b7520ffabcd764293f15f0a31b5acf501368
SHA256

bba9ee471147935cf964828b3b3c34baa045207b4fbe1c96743943f8cf71375c
SHA512

e2c7d690856371c378827a986e80fc9c5cca951d1d8df7ab18956140f97b4bb7c255dac4c0da8b8f73a67c7572f15ac5cb0398054d9448febb36de61404aa5aa
SSDEEP

196608:NctxHIbi1chpdUt9G0NI+miQSAwPIJqDDTI3vpHRJkATc8/ehHKj/zAnHN8rCObr:NY2bi+lE9pZQSQn3jWP6ehH6/zs4xdCe

Score

9^/10

Malware Config

Targets

- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/call-bind/test/callBound.js
- Size
  
  2KB
- MD5
  
  6c09da27d70f11be33c5bc1d70fe5860
- SHA1
  
  b21805be0c0db457d1364abe0103ba75a56fe66f
- SHA256
  
  67da6de7ea66108ea3f035648b367cb8bf7dac8148b798a54b5b9de8f7f6ef65
- SHA512
  
  8dd6654332b5660d787616252ca231283a6406dae97e8f07e88ffacc2f8a0b38c0bfe1aee5c5a734b4cb507ea51357cef2bfe226f4cab09d57c74d053f80c126
Score

9^/10

evasion execution themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/call-bind/test/index.js
- Size
  
  3KB
- MD5
  
  1d142c2d932051d54112bea94ff6142a
- SHA1
  
  a1346ce0b0477686c27c61c025285e591a49d95a
- SHA256
  
  c5ce4bfc6eac66a6073f5c59868d1e9220c9f4e5ca5033ccfdd2d515d661d13d
- SHA512
  
  af5f6f4e40ea030fc645bf1167ddf0157c8aad1b060df3a99b1ea322eb4e739e68e67cf9482131e9da0771bfaa15e4903f696be8913770c4a9da589b7734c353
Score

3^/10

execution
behavioral2
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/content-disposition/README.md
- Size
  
  5KB
- MD5
  
  cbd415ae5e4605f9ce13640c323d8aaf
- SHA1
  
  e1d109d584a63de2418adfd8fb59b298d0d9368e
- SHA256
  
  871c5ec648b67ad1a5791c6c4f95e5bb5df78ecc9aae0a3387e2a08e068c6968
- SHA512
  
  4454179d3ddeeb49393df168db1867d19054c44b60e1da5ff5555d26a8f0ba9cc5f3d5dadce76ebcf0110924c440a10e01969ff701076a38a2ff8673db6325d9
- SSDEEP
  
  96:eXCnQ5B17X/AU4M58ZBB/WfUt41lFXTpGa+O/iOu:eyAFXz58ZBMT1l9bru
Score

3^/10

execution
behavioral3
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/content-disposition/index.js
- Size
  
  10KB
- MD5
  
  43a307ff7de26dbec523ec966c434f94
- SHA1
  
  ed7f187b72a7b1f81d113bad5aa9347c242120d5
- SHA256
  
  e86a88a5d1a9dd74faa753ca4e47a78e38ae930f3206e5e887cf6cb0ad70cbf8
- SHA512
  
  79c073d3f0dea6c1606029b9a476cdce30ebbfb7b6ca95935a2e3f2cc97e70f3f00dbe8b7067beea78dae120f4941e60a7aa26592cff18e5cdf56f335127092d
- SSDEEP
  
  192:NnPSCe5ZBHNVzX1t6/khk3bnEm+4qcVupDAGJvyAJK:NnPSD5ZBttXbMqenircgDAwrK
Score

3^/10

execution
behavioral4
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/content-type/README.md
- Size
  
  2KB
- MD5
  
  cb19c8aba870601aee363ac2302da33d
- SHA1
  
  f41b2b41f354438d6ed00d1d028b54a93fa15862
- SHA256
  
  8793880cbc4fd7294dff8562b71d9381ea1c0557422b66007920415ba439486e
- SHA512
  
  58991d9dcc472f56d93bf69b65ef6c5d0b1f4ad0a094a812411e75d32adbe9a54ffb3739ddeb71dced591bf2be220740bc17aff7e9087069c0dce94a99b3468f
Score

3^/10

execution
behavioral5
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/content-type/index.js
- Size
  
  4KB
- MD5
  
  4781c7ea0309edac61c3a36e3ea9da10
- SHA1
  
  1b6e7e8d1963ce958cf0f225223fadb5ef12f86d
- SHA256
  
  7d76ae0f8ecc0a8c053de97b0f695f3fa3df33f692d1bd241307995304e5f63d
- SHA512
  
  d458f8962f44ec30bf519a54aef063960d9cac2a954493383fc2ef46781c3244740f18c7daf1821b4e0babbd56b356228f7247ce40de9f3276de91a71c66c78c
- SSDEEP
  
  96:CJFvvhHgqZlI8IDzdlalSqZf/gf6GosMySqUqMGa9Nw+j0i8L:CJFHhAqbI8IdUYVhvJMG6Yii
Score

3^/10

execution
behavioral6
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/cookie-signature/Readme.md
- Size
  
  1KB
- MD5
  
  57ae8b42de3dd0c1f22d5f4cf191e15a
- SHA1
  
  eedf0ded937f36b8ff5054a5b08cf38fdc241deb
- SHA256
  
  1621ed10d0b2f865eb8608e0474a356cf7a9737a384b6593b61b30a9f6e50366
- SHA512
  
  c725e8c112ae4ffb9593c512636d1c9208cf10bfb055901a00d0dc892c95617ad3300829256972bb3996914b085d0a862207d214d0f9342741135d7e1e0ecb91
Score

3^/10

execution
behavioral7
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/cookie-signature/index.js
- Size
  
  1KB
- MD5
  
  a9634aa95d321b9a6d90bec5d3d23937
- SHA1
  
  bb5c2c0a463aa10074caf991f67681231b1f0c21
- SHA256
  
  8d762862020064468b4af17e561ee1ee29d9d55311a1c19d958c4ff2be912963
- SHA512
  
  214e27edb4367aa2ef322c4d857a918ebd57bc825646184f90fa6911f830b3755fce1fdff30a5d231ea11ba4ddd82b4f2afc36451289f0b4334c445e9a26dc48
Score

3^/10

execution
behavioral8
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/cookie/README.md
- Size
  
  11KB
- MD5
  
  683e2286b5cb5bd1b4b36866f573a29f
- SHA1
  
  a4d68d3f76512c87cfbcf6a6e553876d1980a6e8
- SHA256
  
  ba8b36c7d860d6ef37887b6ef496a486e91aefe5229f65157cc8b44725b9bec5
- SHA512
  
  8f6fa08988cabc1d90f6523d3ca2d09e89622aecbf2e954e67241a076f43d3db0eca3bb16b28cd0259e851305631f8dc42299a78aa400ce0623ac90b7c56c218
- SSDEEP
  
  192:gC6nTuN1D5AKINreMblbEnV4zrhw5lPOkRHPL+gqdd7SHlxlmzrMtCT8+cNkq:QuN1D+9eMbFES36RHPL+b8xQTimq
Score

3^/10

execution
behavioral9
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/cookie/index.js
- Size
  
  5KB
- MD5
  
  db5deda6183845891fe9b5667cde042d
- SHA1
  
  ee23ab87c951b0d3e3cdf1d6072a126a84491335
- SHA256
  
  9fd02358eabdf6c27b388dfdff94061655620a352253bfc5b01ee4cc30ca36b5
- SHA512
  
  1b6957f2ef28c5d4e14e02e8d6fea08d7210c0f2eb9de4788799fcc57d806998448622145ca45f0f605db447d97be982c62211535bf421d8c02d9e384e7db339
- SSDEEP
  
  96:sdChhqAp9V3vGycd6mDxj64MRHMqwa+8g+3ndAVVJiN9B2RQhAh++xctZt1Y1JzI:G+hqmP3ObxlvodnwRQhAU+it9szI
Score

3^/10

execution
behavioral10
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/debug/README.md
- Size
  
  17KB
- MD5
  
  03694893d682191b3c893701ba6f4a55
- SHA1
  
  38096a9c10830714695a97a8501b817eb0a7534e
- SHA256
  
  cda3dbd285a2b65894758565a565e7bc2e7c3696225af7b5bd01454240df0aea
- SHA512
  
  3b80ea8a912ec4ddf1a1e2fc3f3ebd8f4bc6f591f9b2732694cb5627c549d7911c1a6eb82ab68ac025e13e090b3e39b8b4ae66a9159f45696b6343ce76213f54
- SSDEEP
  
  192:H6R76Zbt7yJXxRrHQbSb4BDyzWM/XAoxIM6jep2JVhgu9o8ZT/ueXBEgdjaSjVwo:U7DxRrqB4rxIMajJVeqaxq3
Score

3^/10

execution
behavioral11
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/debug/karma.conf.js
- Size
  
  1KB
- MD5
  
  06f3babbdc43c6c4dd1493b6c1af32e2
- SHA1
  
  93fef7cf3ed6f04d2cfc3cd0b8d5d972d35cfd29
- SHA256
  
  2430869adb61a5e24a3612110a9b49a948e6db43ab7e947c003a9c19c478e609
- SHA512
  
  ad65132ed6f675f6f318fefa36f4e6c23f3ff4dc47d02575f6d5bef7b062a2e90aea1a43dd5327c2565be3d834c969ff2ae3efdb2add4a958882a6f056f659ea
Score

3^/10

execution
behavioral12
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/debug/node.js
- Size
  
  40B
- MD5
  
  79f3814f32362c1c6f9dbb8a1e3b01bf
- SHA1
  
  aa7655ee80c9a485313675f9379c2f18d33ea061
- SHA256
  
  996b381f353555cb172ebb2802bb2a7323442ff67b7b530cc26834058d7f31a2
- SHA512
  
  61367ec2aff9349e203a295fe1bc28faddc6d80b556660f56ea49d6625d6228212fe82d7398114509a3b8d9ad4026429f0ebb849579c7481928f47f37c8632d5
Score

3^/10

execution
behavioral13
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/debug/src/browser.js
- Size
  
  4KB
- MD5
  
  62cfee6d6dd5ffec5d3ed35073791aec
- SHA1
  
  c41adc79487f377d3dfb397c531812fb9cc429a2
- SHA256
  
  0144ab6a52b9330c567de11a5c3a4aea35cdac47a4c106482aa24ae8054cdc6f
- SHA512
  
  920aea250d98e29e8005ef0185df5e34bc426d321785df07cbabace60bdbcfc6c92e2ff0c9f226a54925d2c7d595035efeababc935c7f1a4c704e7a7ef641339
- SSDEEP
  
  96:Yl2YeMOqXjS+qBAyJN3spJaRCWqS9KynCYBPVQPVI8rxjpXTjjnZwEKlTDDFanP/:EHX2+FyisIWznCwPVQPVIIlpDjjnZwju
Score

3^/10

execution
behavioral14
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/debug/src/debug.js
- Size
  
  4KB
- MD5
  
  74bdccf347345d27fe8a4ac3add99c60
- SHA1
  
  a2b8a915c86fc750f56a7137860f19ec1182ee21
- SHA256
  
  d8d1c1d6c387ab67c3f28d78fd0b20b9becd69442db9d3efe110ca464b509c8a
- SHA512
  
  c2d47efee2a4442be6375d623f46b4c7ee9552c132b9229eb284bdd98629edd02664167805b0af9b3faaa9b1906e9ed0c5e383396d4995cef7051f9a450e1b99
- SSDEEP
  
  96:TlGI0EEQUGReeJ57vPukDprmTC70WWnuOV123LwdVVktI15wHlL6ci6:JR7Jprp70JX23KVVkWsHZ06
Score

3^/10

execution
behavioral15
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/debug/src/index.js
- Size
  
  263B
- MD5
  
  dd13897ea2eed92695bb7e4e744a9148
- SHA1
  
  182314d32e789e4f9c29e3150ae392f1630f171c
- SHA256
  
  9a34fedeb2d269c46ed94e6f13039eb0d16d866dd460ec66fa3acd78122fa9fe
- SHA512
  
  0b53bc984178336ac516601e72d477d2beeef6936800da17d3a79c153e0036f7428517ebd75d296729f65856c7e07749029f5aa192b2ac071efc4d3e39750a32
Score

3^/10

execution
behavioral16
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/debug/src/inspector-log.js
- Size
  
  373B
- MD5
  
  b22697b673c7c3586f22ae0206258fde
- SHA1
  
  b2f2996b1f38b6cec0b1746be6cfe458f2585eac
- SHA256
  
  949ae67ec1b655694f83dce57d47d9d77234f9e7d698616932a90e69c7afee91
- SHA512
  
  4ffd89dbc519a1f6c2f56a1b26f1aad445df8d5096da1453645dbb67dc58b17ae9143906357ca4af60059740c3ba34f7233049652b805d1afed3fd206cd55a0c
Score

3^/10

execution
behavioral17
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/debug/src/node.js
- Size
  
  5KB
- MD5
  
  25807a97fbb1fcc42a013abc7d7768c4
- SHA1
  
  f24d52cbc9144b011def218234ff7b50e7ddcb19
- SHA256
  
  a3e83594a4ce88997e2e4fc66bc942b17b9d736290ad62560c7f09d6d0989ad0
- SHA512
  
  8d316b63700126d7c8965a886e9b35a332d3f7e68d28f2264d235c0afad28066f877f25821e1983ddde5f2d5052716cc73338779b41b6f4d1b90ad33dc3e9f24
- SSDEEP
  
  96:2l2OYeMOqXfMWj7/UZIjh7X7QcYX82ue1jGVLE9RlbME6tCUXXuVTtAH1ReKLGH/:WAX3tJ7nYMu1jGVLE9RlbDECQoTtAHbC
Score

3^/10

execution
behavioral18
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/depd/Readme.md
- Size
  
  9KB
- MD5
  
  42d9d887a8cce3b2ab9c8da4faed33e3
- SHA1
  
  dee99fab95a6441191c709b010babb1a7015b575
- SHA256
  
  11deb26eafa25a465ffb8a8e3c28195eb40e679fda52b760132dbe9c9b21fb5c
- SHA512
  
  d9b07553c1c5fc505732d1435b81accbfe5d164728fd0c7ea0e179582bc6f4fb9da7047e119468e6431903dda8564d4a26608cdfab5e2f7344d2f56a25b021ad
- SSDEEP
  
  192:pC3g93tCl7wTGdJfXkSCbkIwtN49jTgokqtEnKwGqM0J5GcTYGphchGvna:KM960TGAS/IwtN49jTgoksEnKwq0J5M9
Score

3^/10

execution
behavioral19
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/depd/index.js
- Size
  
  10KB
- MD5
  
  002a1f3e813cc05d9e3cc011f6601628
- SHA1
  
  1690c27457637ec234d6b7658f1b96e547a0eb99
- SHA256
  
  4d587a5662e20a7bb9bfe6555afe5987e1b80303a819b447394f37a93297ee91
- SHA512
  
  ea1ad9bcf09a73a10dd1fd8a66daac12f87725e16ad27e7beff6d9fda937579976cd5d7ed6439c4122b16178c3ffdf410d6c7a54918f94bc98fa7950adf3bd54
- SSDEEP
  
  192:vpe1221Fdc5jXmXUApvcvcBGtXY/KQYbUY/rRgrNoYo8GVHXWVhVO:vpe191Lc5G0k//YsNIVHXWVhVO
Score

3^/10

execution
behavioral20
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/destroy/README.md
- Size
  
  2KB
- MD5
  
  5866f60785543ab8d86b79dec253db49
- SHA1
  
  31d6d0f4b8f17c2551540857056950c406618f51
- SHA256
  
  80f720db998d4728565126ea1d4b96c5248d35c2e53032d23692ce3930de69c8
- SHA512
  
  bf638f2f6112c8231c08a26784b0f86079494b4dfbb14d59ba87b0a72075ff1364fcc796463e6055d120e6faec30a47de4f351fb769f1548d5c213ecb45b28ed
Score

3^/10

execution
behavioral21
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/destroy/index.js
- Size
  
  4KB
- MD5
  
  35723299a9b5b96d111cbf94c56c898f
- SHA1
  
  6547e9c6dbfb287cb22819955726efc01a29950f
- SHA256
  
  b54f50db059987726ce2bdadca5d66a1e3ceef183aa5f43ce61aa53f05c36cb7
- SHA512
  
  d68622a50b1efa8c3ba52fbf8f1a036cffafe608dc0788013f9b7347c7077f3167cb2504d54815750225dad601c376a485357906f3c0cb6493bbac67d4ac9579
- SSDEEP
  
  96:QDxP4dH18X0MJ1ncBEPwxr+Pfdm6h0eFoFXJ:QDxPEVXM3ncBEPwocuFoF5
Score

3^/10

execution
behavioral22
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/ee-first/README.md
- Size
  
  2KB
- MD5
  
  8591e9d47fb8574f4a99ac3de242b3cc
- SHA1
  
  7c611cdeb6b66df78adfb4b1a56fec087dce14b5
- SHA256
  
  4480e03d020436e665886a99120abb2ee7fb422850e1b53ccbdbdbd251414c23
- SHA512
  
  3309f93386f1a8275f8ef1d76b2e242c8287c39662be567a501dee017b5564c0f1e73ba332816fd6387da5497918a5b2824dc0da94a6b1ecd7a87c85f1fb2aef
Score

3^/10

execution
behavioral23
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/ee-first/index.js
- Size
  
  1KB
- MD5
  
  e7a3f46d4b903c9f8a025cb753b1a538
- SHA1
  
  6721b521ac3509731d3d0f9b0074908176e1fcc4
- SHA256
  
  29d3cccddc7148f48715bfc94eb6f7b9f9132a5ecb704b9d4b713de87e7603dd
- SHA512
  
  8e679ea25f82928ed7d55a6e2c08a647c6457d84749155716273ba3b33a030c262dd359a3bbb12465a58e3dc89bcec9c3fb7e9ce64b3ecfbf2b14df49b9dafea
Score

3^/10

execution
behavioral24
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/encodeurl/README.md
- Size
  
  3KB
- MD5
  
  927f12b955e3abfe907852d1ab957002
- SHA1
  
  f7ff11de5504ca62a1d60994ea588f0242b59946
- SHA256
  
  c034db4c4433ac44bbc3ba626d1d2d1b02a6b6b76e0a8c92b6760dae39c5c59a
- SHA512
  
  036509265d14a13d271328373d996dcb9ddaec7c6e8437dc70e282cc8f50008c2e4addedb6eb6447171cb238513504f732d960aca3ed973b93f7cb80a29e4ab1
Score

3^/10

execution
behavioral25
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/encodeurl/index.js
- Size
  
  1KB
- MD5
  
  b90cf71779f72e14be703a4e494e968c
- SHA1
  
  842f42d9ee581d91ac82a7fa018f61bb3f8ef63a
- SHA256
  
  1d0a4e941c1504dcd9bc6cfbb77f7b44d93e56a29cba6f2ccebd78d501a51c16
- SHA512
  
  8db5d9a938f397c11c75c77c0cbe6eb609c5d4f81a590f221163fe3291cd0cb2a6286ba8935c8f8cfdabecec9f7e49a5bfa836dc777e936271fbe0daea7414e6
Score

3^/10

execution
behavioral26
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/es-define-property/index.js
- Size
  
  358B
- MD5
  
  b7bc620dd53aa6a7dd2ec301305117fe
- SHA1
  
  b9844cded75ed1bc40675391eca0bbc19dedf42b
- SHA256
  
  9c4b9a7edafeb02d872b9ad6258154311fd4f43cdf719e2de736973c016219d9
- SHA512
  
  8d92d968347fe07872f7e6c9081493b987d9c61e2d7fa27d6f0acdb82f9a7babc4b6ab8563abb7964f67ce86c5de47e803e81d8bd06f3bb455e12c2abe5ad011
Score

3^/10

execution
behavioral27
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/es-define-property/test/index.js
- Size
  
  1KB
- MD5
  
  8b33ac3f76b3ad73e60ea886d97245e5
- SHA1
  
  df572e1408cdf0a4be5d1d6898837f82da7233f1
- SHA256
  
  643be90198baf64c2a766c7c373ae0bebbf5f8717ed60d82437b5807cbde1ca4
- SHA512
  
  73b7f867fb282eaf9a847597e408741c7fefbc96812499b71f7cc1e0994bceb3b5aa153dd1ce0a429cc70a560b0345371f56f2beb51e2d1840adebccb32e5841
Score

3^/10

execution
behavioral28
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/es-errors/eval.js
- Size
  
  75B
- MD5
  
  1e89f5b29003f4edb43df2dd17d42317
- SHA1
  
  3dedecc34d8c8ec860e4c49e51051f60f4d87f82
- SHA256
  
  d3161a97f162b483206e9849e41bb17fd54166810c76ebaa1df068133e54caae
- SHA512
  
  6edae4a2c632c3449ea3e3df655e7666eefefa768b6ce1b8c6167618bdc87dc06dff2f354ff138fea0a96fe88c01bad4e6fccc41b3d2c22998029ad70ea55609
Score

3^/10

execution
behavioral29
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/es-errors/index.js
- Size
  
  66B
- MD5
  
  f8ebbf637a1ab43a7188d855fdc7787b
- SHA1
  
  46d0fbbffb2d11bbef33b5c23ff2014f0f1b7abe
- SHA256
  
  28fee350e89561019cf27ea37a313b4b4995f521fd087198fa235a8f135962de
- SHA512
  
  b44f3cd6cad2e4d3a476ba898bf7d87525d42f013449a935a3de92bef973b925805a3faa9c8c3832cd8bcf121aa9ecb5efc552e165a5ff3c09d14fd5150c893a
Score

3^/10

execution
behavioral30
- Target
  
  Solara-main/Files/SolaraBootstrapper.exe
- Size
  
  13KB
- MD5
  
  0cc81729f4bd4a6eac95cc442bc8df2a
- SHA1
  
  5d5f367e720684dd64cfb5340d9911ec0782fdac
- SHA256
  
  92960ae4a38d896418a14a1db5ba1547aa273443790e858d00dac4ce64550c2a
- SHA512
  
  f6fc1fca47e4620e24652d8dc2aa88cdd7363172b31122c05d262349aeec88407a2b3fbbc4e4834c359960d4981fb9f674cfbfd9d5743dc917df72a3ebfb3c90
- SSDEEP
  
  192:+ZnqvqiVx1BLO77IaqaLHmr/XKTxnTjw1hOPVXmNjA:0nCVxoIaqayzKtnw1h6VKj
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral31
- Target
  
  Solara-main/Storage/Drawing.lua
- Size
  
  15KB
- MD5
  
  2188315d9feaadaff6b9da788881eb1c
- SHA1
  
  d2d321f24fd51d049c4d5355cac26f744a4b49ad
- SHA256
  
  36c9b16d8fe02a7b5f7e874056158bb80f11d9787955785b71dcabfcf0b7876c
- SHA512
  
  543daf72639b642a9ca9a8c249ad2f877a2781975da0db3008c3777cb57ae265dc0d5f4f0bd0c597f370907e6a05a31097ed6256373a50c936d60173148e4092
- SSDEEP
  
  384:EDQBXf8WDP8g8KUy1qjoRpR9K3CYoj4jRayhfuojrADopXMF6:KQBP8Wz1qjXoj4j/4ojHB
Score

3^/10

execution
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Executes dropped EXE

Loads dropped DLL

Themida packer

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32