General

  • Target

    solara.exe

  • Size

    31.2MB

  • Sample

    240624-pe3jys1fpg

  • MD5

    db574505e197fc696b7484a3f5a06bb0

  • SHA1

    7cb74600a75354a787ff7964e5fe2b55f5cfe7f8

  • SHA256

    81c43844d18eee0ff82671ed0235cd9081d62668fc6c5f338a70cdad48d38f3c

  • SHA512

    76eb487866ed9c8bcaeb06775e254f69df27c0a6f300aebab698a4e20a5e25dd21c8d12ec1fe15b10cc15ee6353761457c50cb476f68ee3ba3fbe1b5e5b654ab

  • SSDEEP

    786432:XCALehCHTZWhnaY6mpZbx7dt8CbTAq44A9riGotv7V0U30pBg4JYWTNOwUSfEt45:XhzZWhna50NZOCbTbpaeGotTVNT4eqNb

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1253312688864497665/375hzY1fiOjkE25L3-nbomdQUITdEzw5TbF9fCfxMycDpfz09qByG-R9KOpVUwhbMOaj

Targets

    • Target

      solara.exe

    • Skuld stealer

      An info stealer written in Go.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15