General
-
Target
AnonymeTrialUi.rar
-
Size
175KB
-
Sample
240617-xq3cbszgjh
-
MD5
68c2d323d1f5e7d0ae8b9e6ec80b92bf
-
SHA1
a2e99e4d14aa8eb4c9d9815ead40d339edd38712
-
SHA256
956e9c0262ec999222d773ef856b1ca6788f02d864101b940d310693478077c0
-
SHA512
92aa3eaa95ccfcf5b4bb63b63a888ac01c40180722d13530b98b75f6d2eda52c5939e127485263458f978e09c51a857d5a5f485d9b10e778e0db0fd6b91d75db
-
SSDEEP
3072:3w8sJCPsZNC58cCnpyw9PryazL74qvxnW39NhmslOQ8yirkL:3XP7enQEus3Y39vZlONML
Static task: static1

Behavioral task | Sample | Resource
behavioral1 | AnonymeTrialUi.rar | win7-20240220-en
behavioral2 | AnonymeTrialUi.rar | win10v2004-20240508-en
behavioral3 | Lmaoo/AnonymeAPI.dll | win7-20240221-en
behavioral4 | Lmaoo/AnonymeAPI.dll | win10v2004-20240508-en
behavioral5 | Lmaoo/AnonymeAPI.pdb | win7-20231129-en
behavioral6 | Lmaoo/AnonymeAPI.pdb | win10v2004-20240508-en
behavioral7 | Lmaoo/Solara/SolaraBootstrapper.exe | win7-20240508-en
behavioral8 | Lmaoo/Solara/SolaraBootstrapper.exe | win10v2004-20240611-en
behavioral9 | Lmaoo/Solara/autoexec/newinjector.txt | win7-20240611-en
behavioral10 | Lmaoo/Solara/autoexec/newinjector.txt | win10v2004-20240508-en
behavioral11 | Lmaoo/Solara/scripts/qsdfsdfsdfsdfsdfsdfdsfsdf.txt | win7-20240220-en
behavioral12 | Lmaoo/Solara/scripts/qsdfsdfsdfsdfsdfsdfdsfsdf.txt | win10v2004-20240508-en
behavioral13 | Lmaoo/Solara/workspace/.tests/appendfile.txt | win7-20240221-en
behavioral14 | Lmaoo/Solara/workspace/.tests/appendfile.txt | win10v2004-20240611-en
behavioral15 | Lmaoo/Solara/workspace/.tests/getcustomasset.txt | win7-20240508-en
behavioral16 | Lmaoo/Solara/workspace/.tests/getcustomasset.txt | win10v2004-20240508-en
behavioral17 | Lmaoo/Solara/workspace/.tests/isfile.txt | win7-20240611-en
behavioral18 | Lmaoo/Solara/workspace/.tests/isfile.txt | win10v2004-20240226-en
behavioral19 | Lmaoo/Solara/workspace/.tests/listfiles/test_1.txt | win7-20240419-en
behavioral20 | Lmaoo/Solara/workspace/.tests/listfiles/test_1.txt | win10v2004-20240611-en
behavioral21 | Lmaoo/Solara/workspace/.tests/listfiles/test_2.txt | win7-20240508-en
behavioral22 | Lmaoo/Solara/workspace/.tests/listfiles/test_2.txt | win10v2004-20240508-en
behavioral23 | Lmaoo/Solara/workspace/.tests/loadfile.txt | win7-20240221-en
behavioral24 | Lmaoo/Solara/workspace/.tests/loadfile.txt | win10v2004-20240611-en
behavioral25 | Lmaoo/Solara/workspace/.tests/readfile.txt | win7-20240220-en
behavioral26 | Lmaoo/Solara/workspace/.tests/readfile.txt | win10v2004-20240611-en
behavioral27 | Lmaoo/Solara/workspace/.tests/writefile | win7-20240508-en
behavioral28 | Lmaoo/Solara/workspace/.tests/writefile | win10v2004-20240508-en
behavioral29 | Lmaoo/Solara/workspace/.tests/writefile.txt | win7-20240611-en
behavioral30 | Lmaoo/Solara/workspace/.tests/writefile.txt | win10v2004-20240508-en
behavioral31 | Lmaoo/Solara/workspace/IY_FE.iy | win7-20240611-en
behavioral32 | Lmaoo/Solara/workspace/IY_FE.iy | win10v2004-20240611-en
Malware Config
Targets
-
-
Target
AnonymeTrialUi.rar
-
Size
175KB
-
MD5
68c2d323d1f5e7d0ae8b9e6ec80b92bf
-
SHA1
a2e99e4d14aa8eb4c9d9815ead40d339edd38712
-
SHA256
956e9c0262ec999222d773ef856b1ca6788f02d864101b940d310693478077c0
-
SHA512
92aa3eaa95ccfcf5b4bb63b63a888ac01c40180722d13530b98b75f6d2eda52c5939e127485263458f978e09c51a857d5a5f485d9b10e778e0db0fd6b91d75db
-
SSDEEP
3072:3w8sJCPsZNC58cCnpyw9PryazL74qvxnW39NhmslOQ8yirkL:3XP7enQEus3Y39vZlONML
Score
7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
Lmaoo/AnonymeAPI.dll
-
Size
5KB
-
MD5
50dbc4f076ec0feec5648db3e09c85eb
-
SHA1
466c6c60be0d2a1a0a24832b5a8f1d90392eea66
-
SHA256
fa67ff8d8fd7553975444d7aca6893a4b42b0dc9d25626862c4e9f6dee4dce76
-
SHA512
701762af3caddf7b12a8e7db54e48307f69e2d1cb61e8de0412a18745af26b0cd8290316c9fa4c7f549cb420127911fe050d9d50d532fbf078ae89d04451936f
-
SSDEEP
96:Nl6dOdVdeGgCe0JphEv9fXXG9TtVI3gsil7D0jDu:P6dOdVdvgC7pofqVI3gsM7wji
Score
1/10
-
-
Target
Lmaoo/AnonymeAPI.pdb
-
Size
23KB
-
MD5
8ccff85350dafbae1b29078c9808bfaf
-
SHA1
61573e943857cf5f7bf565ee19ef0ddb0c9a2e27
-
SHA256
cb00e38ffc28f0c6a0b9189c9ad0ebae6f0a8e5146d1fbf17e9f1bdfb78e92a0
-
SHA512
abe3a6f7f03ca1402c0b550ba1627547ef750b38bbf2e5e260bd408fd2750c8c3a03fb226eebbc001d1abbccd50ed21da93a9315d47f770c05e3db9e57dffc9a
-
SSDEEP
192:CAPRAP8SAPoHCAP8SAPVHrvDTI2hpIOmosSIhIM9O5ArDg+vBMArDgc:dS2o92lDrm2QZ
Score
3/10
-
-
Target
Lmaoo/Solara/SolaraBootstrapper.exe
-
Size
13KB
-
MD5
6557bd5240397f026e675afb78544a26
-
SHA1
839e683bf68703d373b6eac246f19386bb181713
-
SHA256
a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239
-
SHA512
f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97
-
SSDEEP
192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Lmaoo/Solara/autoexec/newinjector.txt
-
Size
102B
-
MD5
fb4bcbadff658e7d720773012e8bc7f7
-
SHA1
f79749149e4f797466fe4ddf131ac34d1bb84134
-
SHA256
3099eb64c5c4f49022388624f8cb18545e97c885ac66935907818583d70ca073
-
SHA512
1f80c488b0be8b88aa78cb064a5f226b8a160478a1605f88746348204e8e863808018e64c679add0095b14bdad487312e0107ffba5e01a32b67be1669ee90eec
Score
1/10
-
-
Target
Lmaoo/Solara/scripts/qsdfsdfsdfsdfsdfsdfdsfsdf.txt
-
Size
573B
-
MD5
3155f3a1967de4aa9b1e34b3195253cd
-
SHA1
1d1c9e34225afdb5440413d7961b45a44621853d
-
SHA256
58e2971b886918c6cef16f57915dc42aa0ac2e40240456d5d6af201a0c179a40
-
SHA512
2360200ceb2391138d3459d06163d5ae4e7e08ee67737a309c6f997d8a138cdcb42409a26c68208046c4060ddb187651ebc872fa93b36ca84c095dd5d3ac8e4f
Score
1/10
-
-
Target
Lmaoo/Solara/workspace/.tests/appendfile.txt
-
Size
7B
-
MD5
260ca9dd8a4577fc00b7bd5810298076
-
SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6
-
SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
-
SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score
1/10
-
-
Target
Lmaoo/Solara/workspace/.tests/getcustomasset.txt
-
Size
7B
-
MD5
260ca9dd8a4577fc00b7bd5810298076
-
SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6
-
SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
-
SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score
1/10
-
-
Target
Lmaoo/Solara/workspace/.tests/isfile.txt
-
Size
7B
-
MD5
260ca9dd8a4577fc00b7bd5810298076
-
SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6
-
SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
-
SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score
1/10
-
-
Target
Lmaoo/Solara/workspace/.tests/listfiles/test_1.txt
-
Size
7B
-
MD5
260ca9dd8a4577fc00b7bd5810298076
-
SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6
-
SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
-
SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score
1/10
-
-
Target
Lmaoo/Solara/workspace/.tests/listfiles/test_2.txt
-
Size
7B
-
MD5
260ca9dd8a4577fc00b7bd5810298076
-
SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6
-
SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
-
SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score
1/10
-
-
Target
Lmaoo/Solara/workspace/.tests/loadfile.txt
-
Size
1B
-
MD5
8fa14cdd754f91cc6554c9e71929cce7
-
SHA1
4a0a19218e082a343a1b17e5333409af9d98f0f5
-
SHA256
252f10c83610ebca1a059c0bae8255eba2f95be4d1d7bcfa89d7248a82d9f111
-
SHA512
711c22448e721e5491d8245b49425aa861f1fc4a15287f0735e203799b65cffec50b5abd0fddd91cd643aeb3b530d48f05e258e7e230a94ed5025c1387bb4e1b
Score
1/10
-
-
Target
Lmaoo/Solara/workspace/.tests/readfile.txt
-
Size
7B
-
MD5
260ca9dd8a4577fc00b7bd5810298076
-
SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6
-
SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
-
SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score
1/10
-
-
Target
Lmaoo/Solara/workspace/.tests/writefile
-
Size
7B
-
MD5
260ca9dd8a4577fc00b7bd5810298076
-
SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6
-
SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
-
SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score
1/10
-
-
Target
Lmaoo/Solara/workspace/.tests/writefile.txt
-
Size
7B
-
MD5
260ca9dd8a4577fc00b7bd5810298076
-
SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6
-
SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
-
SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score
1/10
-
-
Target
Lmaoo/Solara/workspace/IY_FE.iy
-
Size
539B
-
MD5
291d5636a434c4f1ceb0f3f776c2a51f
-
SHA1
ae287e08f71c522a72812f0dace94b8ffb569341
-
SHA256
73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452
-
SHA512
7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743
Score
3/10