General

  • Target

    SolaraV2.83.zip

  • Size

    7.3MB

  • Sample

    240626-gdt77ayaja

  • MD5

    d355febbfef826b3eb49d2594dc4bb59

  • SHA1

    4796a132b59210acfa5a2eaeb93478a006da6e46

  • SHA256

    76359f5ec0f6c8916ba4e07df1353b2a47c0979da198876de2348f1bc0ba6d4b

  • SHA512

    fdb8dc664598862c85380b2def030b800ff153afff1138bad121cb8f8c3512849ad24c4e2098ec18a85b47caf5321ce289a557c871df195238891241d32c9492

  • SSDEEP

    98304:OLLcYcrcn0tKyqD06kt9iMY61AJnsKuUIMRnVnme0EvvBuTJJMBJtBJ55eSBDeMX:3YmZsyqD06siMgJn48lVnrVoT3c5rdz

Malware Config

Targets

    • Target

      SolaraV2.83/Solara/SolaraBootstrapper.exe

    • Size

      7.4MB

    • MD5

      05a769c21aa98656cd45c0a1bf2dc7c0

    • SHA1

      8113599abcb61beeee1ee0e629e5132f082ac76c

    • SHA256

      60f2a0752a9fabcaec044ab16a7ec61e37bd95b229236f75725ac11721aef8f0

    • SHA512

      9efb627f919f02c4fb2989f66c8a30c3e4e9ce8ea2eaa4b525d29978643db6cf4ef425b8be5766c06d618b6d6b0fa4c5a3fdd5742c2b95a41c0b1f26e76b6a22

    • SSDEEP

      98304:dSeYgZhUd6OshoKyDvuIYc5AhV+gEc4kZvRLoI0EJfNA3zCUTVv9JT1sOBN3o1pz:drYS6cOshoKMuIkhVastRL5Di3u01D76

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks