General

  • Target: SolaraB (2).zip
  • Size: 6KB
  • Sample: 240615-lb1peavgph
  • MD5: cfa8b83f9b0be49c84123151a1b7e611
  • SHA1: 8b65ec5c9adcd3af9d94db2bfa5cc0c4bc8dd708
  • SHA256: a14170015ea46f9d7db5e90977543ae3dfb41b0913a5ffc41743e3a9589d96a6
  • SHA512: 7dfdca1fddca8960edc191467f155179dc9adcc281a9e14e8fa217f598cc2515bead2d4a423dc1c49b7bd608065cfeef6367ef2061ce20a5d890c10e8e087c7c
  • SSDEEP: 192:dRJ89Ip1i9nW1ADjQRYmfXBj1hfC95CM5wVddH:dRJ89Ini9nW1ejQqeRjvfQ5wvdH

Targets

    • Target: SolaraB (2).zip
    • Size: 6KB
    • MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
    Score: 1/10

    • Target: SolaraB/Solara/SolaraBootstrapper.exe
    • Size: 13KB
    • MD5: 6557bd5240397f026e675afb78544a26
    • SHA1: 839e683bf68703d373b6eac246f19386bb181713
    • SHA256: a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239
    • SHA512: f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97
    • SSDEEP: 192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj

    Signatures:

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Executes dropped EXE
    • Loads dropped DLL
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Checks whether UAC is enabled
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: SolaraB/Solara/workspace/IY_FE.iy
    • Size: 539B
    • MD5: 291d5636a434c4f1ceb0f3f776c2a51f
    • SHA1: ae287e08f71c522a72812f0dace94b8ffb569341
    • SHA256: 73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452
    • SHA512: 7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743
    Score: 3/10
