9405c2c2daf28e7298be4e3090ba51b6135be110f57910b0d987be864e316d65

Sharing

Copy URL

Twitter E-mail

General

Target

Sol.zip
Size

10.1MB
Sample

240616-q2w65azblm
MD5

332926f7238a3975b7872b93798799e0
SHA1

9eb9c02506774395cca43012308f3ecf4546abd8
SHA256

9405c2c2daf28e7298be4e3090ba51b6135be110f57910b0d987be864e316d65
SHA512

bfc340051b201178d85edf39d45922523926471ac8e496ff17ae637f4435d5270f1db21bf2a5da475ae1f31bb083c11fbce9870a429636c628797b29a475620e
SSDEEP

196608:Z5Dr6rtW1uCoLbyoMDVYSBWwwvP5Qxyu74dkLOclipKF3oNgWTqGflsz:Z6W1uCYy5VJC5syusOacOK8gWeGfla

Score

10^/10

cryptone packer

Malware Config

Targets

- Target
  
  Sol/SolarB.exe
- Size
  
  250.0MB
- MD5
  
  daedd0adf5c3350ae5a16312887c0d72
- SHA1
  
  2ed4ec4419988106f6ed577e0df423bdb902eb11
- SHA256
  
  998ae90e88e1810bccb2378e6f023348d407829d09a5b21110dfdaddd3d6ead6
- SHA512
  
  e3c69d322497993531182e0baf2f23537edc4d5cbc23ce5e8e8a77d5f76bf82995568bb37f00258b42f902ec52c675b0b5fb2c8098f4c92aee67224935e94503
- SSDEEP
  
  24576:cgkBhqECQiwDnaBCAhA3mmLBJ3OBqaPzrcw8oVfwlas:cgujMu1WN8w8oVfD
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $TEMP/Cd
- Size
  
  64KB
- MD5
  
  9787b131f223482ffc15f76947bec5a0
- SHA1
  
  19d06393d5f50966b603fae3d32809b10d9a4864
- SHA256
  
  eb8eef103fab7b846792f28dbff01b73d06bfa1c0f3928ce5a6d8de20cdabfcc
- SHA512
  
  ba0eff73146407bbcea1d95c285ce415e5a212918b95ef3c3027c0b580830f6cac26e099ab28b94010e246e69b8440ffb0e9b3314d413be4abd96bb68c6b3fca
- SSDEEP
  
  384:TzrevzAHJcXj7c88888888888888888888888888888888888ygIVPsjnQV6QvXs:XCvEHKKgItUHiGb
Score

1^/10
behavioral3 behavioral4
- Target
  
  $TEMP/Chi
- Size
  
  35KB
- MD5
  
  2392cd164a67aed4762917f1fbd48437
- SHA1
  
  f19b0a0592e3da6ba8333f3c3ca640d615b0cd25
- SHA256
  
  2aca4e6c77fd596b8c6099e49e56912092a5e11dc2863a331b48c8f80bdb38c7
- SHA512
  
  82bf7f3fd81e6cc4a018df727883230b9a1aba737b90cf14bf5ea6cbf6caac14c26b607d78095e875c3b73d9cc302d5ae8d33de698a1a0e67874e4e969faf3e9
- SSDEEP
  
  384:8TQ0Snh3HvOLw/319stEjFKr+/Z5cn6Sed0mU:d0UPD/3Efrafd0mU
Score

1^/10
behavioral5 behavioral6
- Target
  
  $TEMP/Complaints
- Size
  
  11KB
- MD5
  
  b3f202b17abe5284e301d5a35278282c
- SHA1
  
  3109e21c17159c63c716f87e7775cd7a1afa1244
- SHA256
  
  deafd926fc222e0c6928d425482fc227dd513c891cd725f5adc0b71556956d66
- SHA512
  
  34520bfc146eadb6f48bdcf99520128ff74625265898d49889ef265b67ec625605cd579664de38d054b7436ba0e8463272bdccd79e68cc7122ae82def07c350a
- SSDEEP
  
  192:A1SXWsR2tlitnzx98QVQ/8tVkUTgBxe1HCjv4pdhhmGj7l0ieJ2Q:AopEitriaIKJ7775i
Score

1^/10
behavioral7 behavioral8
- Target
  
  $TEMP/Cosmetic
- Size
  
  52KB
- MD5
  
  0364a46bece06f9b1f34eb5991d6f5e0
- SHA1
  
  8833b2f210a1ff634894a3704743d037b6a61c4a
- SHA256
  
  9f21a2f6ce028999572e6d1287a142cd590ba4f6cdaecc1c14a098fe9ca6d2d1
- SHA512
  
  18ddad3b8c36be26044d165038f748e99645c852c069e496c4c3d450001c61a9adc81122ea086d89821a622354f1cbe1cc381547d43058fadc9341b71bee898a
- SSDEEP
  
  1536:D/jnsF4rJsx9RZqegm5kEMDzMdMhrNCsGJh5yA05E22VelTXzSjF:sqqnRqgmM0lAYrlTGjF
Score

1^/10
behavioral10 behavioral9
- Target
  
  $TEMP/Dash
- Size
  
  34KB
- MD5
  
  bd9df1e71d978325f89cbfc3e52aa9bb
- SHA1
  
  90bd69c1efd70d1e4d01e3f6470f777b6200d4f1
- SHA256
  
  9c9d8486f1d90725fe16cdae6f305683f44f55eaa77004ac066c1d512c722793
- SHA512
  
  9b50a81adf6a4c2a3a74c0dbe10e53c85e5be8f57ff946fe28853fae18b036ca276258cde6d8da5a42a240dcef702494a4c9d88e90d4c1a612385c346e049666
- SSDEEP
  
  384:pr9LE/MpfhwHLWAkqLyH3Per2Wfn2HuboETcKiKjxq/l1qIvtx4MjNyREfP91up2:1bAGWrT+UTcL4qHq25NKEHq9BxyyM00
Score

1^/10
behavioral11 behavioral12
- Target
  
  $TEMP/Efficiently
- Size
  
  153B
- MD5
  
  ea841602f3e2966de50caf4ee5b5ac6d
- SHA1
  
  d09aad40b28bb2e88d03929f7ca39cdeedce9c7f
- SHA256
  
  2da46acaa5059d6d1a5e5a9e1cdcd0c2820d3a7eace4dd8f3f82fe45efc1d4f9
- SHA512
  
  033d09357937f8a15d4c1b35fcad494c38d5b9c58e80c4d599db8322f32feaef746d0e1459f23526058e2c346744b5903dd27de72c583a91e43d771c3126feba
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/Emphasis
- Size
  
  38KB
- MD5
  
  29036253812946e75c58fec9d131bd56
- SHA1
  
  6294535588ea21d9728147d6b979a50207ec3d16
- SHA256
  
  47ace9df1b3932718f76f770542d8ba0ea6f28ac1c8e81632fa890fc5bf374a2
- SHA512
  
  d46815fe7a235f4ef22d0a4e91ea222c2414deb84033ff1903ef6d077f4c5b62edde4c393d0781cd35ebb42404e94dd4f9d5f974704278115d6d5159811fd1af
- SSDEEP
  
  768:WVAkGh2RDuaIYXBQsBoDCHT5xv8xV9J7J6Ax6zNGB0toYyncyH9JRpHq:WVLGEDuaiC7v8xV96AE11yHxpK
Score

1^/10
behavioral15 behavioral16
- Target
  
  $TEMP/Enjoyed
- Size
  
  64KB
- MD5
  
  fb4147af4d6b63e4413b6243afba4a59
- SHA1
  
  8d26dd17a3b756080d1676161c7ed8371336cc54
- SHA256
  
  63bec0caabb135c83b5a46d9bb316868599415ad34a4b46c2a6310966a7eecd0
- SHA512
  
  85ea1ec0cc36e60885dfcf3c258e34ba9b55221506bb8f59a68799443f1f795000f12c41b3d63b2a1136a286506b740cd53cafcfbb9f2d0ffbf8b3f813dad14b
- SSDEEP
  
  1536:9kQ3+EX0eomqewgMQjKy6xrnVRCOa69E9wFOUg/R6:KQ3+FnkjKy65nV8I9EDb/A
Score

1^/10
behavioral17 behavioral18
- Target
  
  $TEMP/Event
- Size
  
  49KB
- MD5
  
  e8a7b673edeadfe6cc1b8dc094d3e0b4
- SHA1
  
  6579c6f9b7e3c3c7b4b68bc8e0c6400967ddb56f
- SHA256
  
  1086179028f228cb3681db194e02cacc78c99bc20dc1e4243343e2615951b01d
- SHA512
  
  a04ef807a787b1aafe84ae19e32fef64e7d56c82d0441b1e4fa9021b00b8282cb16ba22b1d7b2c7566315cb9fa51c8b05b2308e59fabeb2e5e37f5eec76d3327
- SSDEEP
  
  768:zER24an73S21DUyJN15pMIlIkHlay5sxcj1qeGiReINDpWPIDJ0vLyktlA:zxb7XDh1RlyxcZqvinN8PsJitA
Score

1^/10
behavioral19 behavioral20
- Target
  
  $TEMP/Flights
- Size
  
  5KB
- MD5
  
  0090c8c0ae56a1b85ea010ac2e8ee47c
- SHA1
  
  dd0f489363c1bef8b6bc804b5533cd45b0e80397
- SHA256
  
  2abc300bdf6e0835725f51e13f5be4ecb72c17389788c8638b8832923fb657aa
- SHA512
  
  3131095cba10c54ec8d7926ada71bbd9e0a8fe9966b7abd5aee04d03af1d7928e19f7c318339c31b35cbaa2b6b98522d7f0767d888684072987d87a333147ed4
- SSDEEP
  
  96:sYZtlp71aFFjPfjB8PFBjfLM0nMi4BA48Pw2Kh+9ribpMHarucY:sEtlernjuPzQ0nMi4BA48PQh+NEpCarq
Score

1^/10
behavioral21 behavioral22
- Target
  
  $TEMP/Fragrances
- Size
  
  54KB
- MD5
  
  9e605aafea5360bdd7dec5b53c42dff8
- SHA1
  
  e128962b50b27412cf634e3a32db81494b4a221d
- SHA256
  
  518553e761d1d1e0065748aa9f5b0654d63a04344488eb47dc09376b0a4bdfda
- SHA512
  
  b0aaf02dfb18df1a0ca30e6f54422d88efb914f19042f64f4335c2cdb50bf11879df6e27e78d6b78b254e484571a62fcee4cb9a1dc21fafe3978e754cc8a9996
- SSDEEP
  
  1536:IYAz7FbkdHIx10IKQ8SoXTqgWVrZ+Int3SdFcU:x6pbsHY11XwT5j
Score

1^/10
behavioral23 behavioral24
- Target
  
  $TEMP/Granted
- Size
  
  58KB
- MD5
  
  d046ab88a92a623f82f849b2f4f0dde4
- SHA1
  
  256e1ccd917dd9137d192c1d11c253dd840f934d
- SHA256
  
  d82321dc6bd852c65706c4c9000d6f3b1dd90195aa282720638cb12b443aec15
- SHA512
  
  37f3636112be64910930bee0d3c7bcecf70a5a5e732096840ccce4ce0eda4f6349f0c507c5d3858bcd06f0c42c2f08bbff72c78456850f06b2cd3857dc171dbc
- SSDEEP
  
  1536:QWGJG2kQyyy9FskzWaIxOv/pAfkF/bIQ2dU7S7:Qp02kQi9FsgWaIU/pA8F/bx2doE
Score

1^/10
behavioral25 behavioral26
- Target
  
  $TEMP/Graph
- Size
  
  62KB
- MD5
  
  c92816acafee7dbcd5a28ba4bbb890a6
- SHA1
  
  87657c9a37559428143eba98f7b23e1a0b55502b
- SHA256
  
  adf50025f042c3551f5728c3618836304603821be06e7d87eea2534ea0fcaa8f
- SHA512
  
  6c38bec45c5fd42a4a21668c7eb10ed9364cb9518c617fd6c6fba823497ffddf46b28c90c92a0fdcbabbe7f53619d9379838ccf718ab6b62419993b27e99f9ed
- SSDEEP
  
  1536:AQnz4qDZxj/JiB27MlRHq6EQU7uLQT6unj5ctpYuYu:AQzt9qM7MlRKecTF5cV
Score

1^/10
behavioral27 behavioral28
- Target
  
  $TEMP/He
- Size
  
  27KB
- MD5
  
  d6851f3beb47f41e097e6dbce33c7248
- SHA1
  
  157d611b39d5ad7ff4251276e3c65a2cc48b6fb3
- SHA256
  
  0ce6cb73e663e80c83bed15b2516061be052af171461d089a9c9442bbfce5b2f
- SHA512
  
  5400d282364aee85beeb3d970c6c8e1c3dca0dc3d74efb5626a476d1f87b1a85c6bae5473b094759a0dbdc7b43d484397bf82b3f2c642ed6f1c9adccbb6a80b5
- SSDEEP
  
  768:ocBJQkJworOYQ7ri2paDWah0cGcEfbzklXSZU7SI5:ocP9MTTAD/HAfbwlXSZNI5
Score

1^/10
behavioral29 behavioral30
- Target
  
  $TEMP/Healing
- Size
  
  36KB
- MD5
  
  edc92564aa5e2a1da497eb6cbd12c09e
- SHA1
  
  0a72b01340c50ad270bec8af149707fc0af9469c
- SHA256
  
  4a098c88c5f8e169b6e2d6f15016ba9f6effc01fb12dd2b9fa66d6a9ac82ca41
- SHA512
  
  3e3da8938c99685a76714fc220d239b6ec363e8924945073a4bf064d4aaec3d4d38e76b18d981a2d768e6a2059ae4f73a653300ea9a8d21d0e78b6cf46c87653
- SSDEEP
  
  768:bUZqoFqijmpOd2I9/6rnbq34tnE3a3selwk7rxj+GZ8bvHtPugBYT:b1ijeJE/kbq3In3selwk7gnvNGg8
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32