General

  • Target

    Solara.Dir_4.zip

  • Size

    13.1MB

  • Sample

    240611-ma3ytatarb

  • MD5

    0ef2803e51d7a855a25615095fb3c3d6

  • SHA1

    6a611a7e5351cb9a9217aedeb7eaf90e12f0f88a

  • SHA256

    56c860462f30759c805c66f5154cb2d9b6a292c84bfdd1ec7ecfdfeaa824bf0f

  • SHA512

    3a08f74233fdacc5a7e2fe635a2745aa798ab81dff5a8e4fa81e4e8003ead66f8c6133d4d927b768cd84a023a274e4964fa6b7970cb5991e688bd62396884208

  • SSDEEP

    196608:iDqzkhlfTCMgEcjr7vv6i3rtw6dsCtxMWbq3xjnBiGGwMVeA43L+9lNVhtGcLcTT:iNNglrP/+2uQngjaXNV/GybGv

Score
9/10

Malware Config

Targets

    • Target

      Solara.Dir_4.zip

    • Size

      13.1MB

    • MD5

      0ef2803e51d7a855a25615095fb3c3d6

    • SHA1

      6a611a7e5351cb9a9217aedeb7eaf90e12f0f88a

    • SHA256

      56c860462f30759c805c66f5154cb2d9b6a292c84bfdd1ec7ecfdfeaa824bf0f

    • SHA512

      3a08f74233fdacc5a7e2fe635a2745aa798ab81dff5a8e4fa81e4e8003ead66f8c6133d4d927b768cd84a023a274e4964fa6b7970cb5991e688bd62396884208

    • SSDEEP

      196608:iDqzkhlfTCMgEcjr7vv6i3rtw6dsCtxMWbq3xjnBiGGwMVeA43L+9lNVhtGcLcTT:iNNglrP/+2uQngjaXNV/GybGv

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks