Resubmissions

18-06-2024 07:05

240618-hwsyhswenp 9

General

  • Target

    SolaraB3.exe

  • Size

    29.5MB

  • Sample

    240618-hwsyhswenp

  • MD5

    d48f105d8b9f827a8a195ff5e97b91a8

  • SHA1

    82ae8cbf6479c89cdc1a39ce7b5c4436563e2a55

  • SHA256

    e5bb72eb669535e1a9f98a276576c4bff516c4e87fa6c70377b4fd9c53008c76

  • SHA512

    91ce05d7fcd65c1dfc8819a59fdcace92fbbcc29792c31533c7ce59d871249a1b9a02485949e5a2b81f43870059be432d59a09fbf0dda4ba3dae97e81a6b6f75

  • SSDEEP

    786432:P9SvGdbg+KvIFVOj+ESWqE5SezZak9SFj5K+N:FS+dIvIFVOlqQZskG5J

Malware Config

Targets

    • Target

      SolaraB3.exe

    • Size

      29.5MB

    • MD5

      d48f105d8b9f827a8a195ff5e97b91a8

    • SHA1

      82ae8cbf6479c89cdc1a39ce7b5c4436563e2a55

    • SHA256

      e5bb72eb669535e1a9f98a276576c4bff516c4e87fa6c70377b4fd9c53008c76

    • SHA512

      91ce05d7fcd65c1dfc8819a59fdcace92fbbcc29792c31533c7ce59d871249a1b9a02485949e5a2b81f43870059be432d59a09fbf0dda4ba3dae97e81a6b6f75

    • SSDEEP

      786432:P9SvGdbg+KvIFVOj+ESWqE5SezZak9SFj5K+N:FS+dIvIFVOlqQZskG5J

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks