General

  • Target: Solus.exe

  • Size: 7.4MB

  • Sample: 240624-vbr7pswbpr

  • MD5: d7cb9e0b5224214f52d28d0246515287

  • SHA1: 8d4a44ce9558c0c7bc39803f3a66184cdf4199a1

  • SHA256: 7e5dc3599c765066a0d9ddff8bef56ff27c8880355aa0691074667562194ab30

  • SHA512: 1d485e228139a6ad94f586029dca96b026d77a9b1cbe25eeaecff482555504d61d0a20fb2f9ad8682a60e3a331a77c0860017759ce3ed3d9b601ef29004f3687

  • SSDEEP: 196608:W7NP9V0rurErvI9pWjgfPvzm6WsFE14Af:+NlEurEUWjC3zDl04Af

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks