Resubmissions

23-06-2024 10:41

240623-mrc4qaycph 10

23-06-2024 10:36

240623-mm7sjasdlk 10

23-06-2024 10:32

240623-mk1lfascrp 10

23-06-2024 10:26

240623-mgw4vaybre 10

General

  • Target

    Solara.zip

  • Size

    400KB

  • Sample

    240623-mm7sjasdlk

  • MD5

    20804935c8018d330c47fa7acde89358

  • SHA1

    7e79e69996cf54bf3da5807e37805db03d23f34e

  • SHA256

    65dcaf8699e4d8d8aaa1c177fc49bfe4ff69ad4fd3891d61f68c5239e217cb14

  • SHA512

    7c7cf8a3e6d90376a1a958c57527750c5a04d6d27c90397aac458898a34601a36c5f345afeabaa72f0ece7f3701ac729b68b5bd9f93252552feb4a1f092fc398

  • SSDEEP

    12288:/3IY0Y/4SF9rsCJmLagibphNFc6V9pr+YJGIYKxgDc:/3NAS3mL2b/rV9pUKxGc

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1169713279464120370/GUIw2wEmQMllUHEfRf3MNeS3DBNrZN-RuTQ9QbFfAqIZNVHtIlkj1yiD5QqgrIlv8gQi

Targets

    • Target

      Solara/SolaraB/SolaraBootstrapper.exe

    • Size

      826KB

    • MD5

      886d05ab350457e2ddde2f569dc0668a

    • SHA1

      3448ca0ce7b2f279694f8a360348c0ade71b9322

    • SHA256

      286b6d3aa77caa78854b3648d96d80a1f207d7b94fb54103b44600a6f72839b5

    • SHA512

      31186e5e079389f820a026843340468cf183c31ee18d60537d48e83b4ecb08b86f2e1b41012b4fa25ebbbd33a4fbc833986815e71010b74df3e04fdaf49d7962

    • SSDEEP

      12288:gCQjgAtAHM+vetZxF5EWry8AJGy03eJxZM6gMkIhS:g5ZWs+OZVEWry8AFL06gGS

    • 44Caliber

      An open source infostealer written in C#.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks