Resubmissions
18-06-2024 07:05 240618-hwsyhswenp

General
Target: SolaraB3.exe
Size: 29.5MB
Sample: 240618-hwsyhswenp
MD5: d48f105d8b9f827a8a195ff5e97b91a8
SHA1: 82ae8cbf6479c89cdc1a39ce7b5c4436563e2a55
SHA256: e5bb72eb669535e1a9f98a276576c4bff516c4e87fa6c70377b4fd9c53008c76
SHA512: 91ce05d7fcd65c1dfc8819a59fdcace92fbbcc29792c31533c7ce59d871249a1b9a02485949e5a2b81f43870059be432d59a09fbf0dda4ba3dae97e81a6b6f75
SSDEEP: 786432:P9SvGdbg+KvIFVOj+ESWqE5SezZak9SFj5K+N:FS+dIvIFVOlqQZskG5J
Static task: static1
Malware Config
Targets
Target: SolaraB3.exe (29.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed above)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger