General
-
Target
SolaraBootstrapper.exe
-
Size
10.2MB
-
Sample
240626-g1nnxssdmj
-
MD5
65c2b250eea43f46bda8ede4ab457892
-
SHA1
8999c89bbf307dad88b49863f0dd79c0794310ed
-
SHA256
30f18ea51bfa806877d6579d457762c4b34bed35208c379a0a90f65e4921d1b6
-
SHA512
72c9a4d1b5abdb29c641ee03be75cb7ada08b480b2a0b2a6e8ca94d1105680a57b7fe80f9916a093a6823b1bcb192acced3434382265d3aa5ddab3e54612515e
-
SSDEEP
196608:ihxgnEkfcdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfIGQfkdoXKh:xEkfc4q1+TtIiFUY9Z8D8CcldlQNbXKh
Behavioral task
behavioral1
Sample
SolaraBootstrapper.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral2
Sample
cstealer.pyc
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
SolaraBootstrapper.exe
-
Size
10.2MB
-
MD5
65c2b250eea43f46bda8ede4ab457892
-
SHA1
8999c89bbf307dad88b49863f0dd79c0794310ed
-
SHA256
30f18ea51bfa806877d6579d457762c4b34bed35208c379a0a90f65e4921d1b6
-
SHA512
72c9a4d1b5abdb29c641ee03be75cb7ada08b480b2a0b2a6e8ca94d1105680a57b7fe80f9916a093a6823b1bcb192acced3434382265d3aa5ddab3e54612515e
-
SSDEEP
196608:ihxgnEkfcdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfIGQfkdoXKh:xEkfc4q1+TtIiFUY9Z8D8CcldlQNbXKh
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
cstealer.pyc
-
Size
67KB
-
MD5
68c7c79abd1cbe4a2029d04dd8690824
-
SHA1
eaa6ca92e8370cdc6d721fa14d5b4037b217c491
-
SHA256
48ff0bbf71df1aae1c5b29372b9375ed31d449883bd8ce0e5f801c701cd85000
-
SHA512
b9a31c32e06681f494ad15b9e667f60c5f49974bcbf5621f1d965dde7cf230b7cb4d245db3713520415abd63ffbf279bcae4077fe89906e78fcd025173339346
-
SSDEEP
1536:l0xqOguxpqBJlMstbo88jLQQcXf9qS0Vr+LRheG:lql/+bo88PiXX0r+LRP
Score3/10 -