General
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1251265775147155476/1251476669148037243/SolaraB2.zip?ex=666eb7f9&is=666d6679&hm=61d1ab001ff3defffe4852024a8fa7c530e3abe328431ecdffb64f61e2620e59&
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1251265775147155476/1251476669148037243/SolaraB2.zip?ex=666eb7f9&is=666d6679&hm=61d1ab001ff3defffe4852024a8fa7c530e3abe328431ecdffb64f61e2620e59&
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-