General
-
Target
SolaraV2.83.zip
-
Size
7.3MB
-
Sample
240626-gdt77ayaja
-
MD5
d355febbfef826b3eb49d2594dc4bb59
-
SHA1
4796a132b59210acfa5a2eaeb93478a006da6e46
-
SHA256
76359f5ec0f6c8916ba4e07df1353b2a47c0979da198876de2348f1bc0ba6d4b
-
SHA512
fdb8dc664598862c85380b2def030b800ff153afff1138bad121cb8f8c3512849ad24c4e2098ec18a85b47caf5321ce289a557c871df195238891241d32c9492
-
SSDEEP
98304:OLLcYcrcn0tKyqD06kt9iMY61AJnsKuUIMRnVnme0EvvBuTJJMBJtBJ55eSBDeMX:3YmZsyqD06siMgJn48lVnrVoT3c5rdz
Behavioral task
behavioral1
Sample
SolaraV2.83/Solara/SolaraBootstrapper.exe
Resource
win11-20240419-en
Malware Config
Targets
-
-
Target
SolaraV2.83/Solara/SolaraBootstrapper.exe
-
Size
7.4MB
-
MD5
05a769c21aa98656cd45c0a1bf2dc7c0
-
SHA1
8113599abcb61beeee1ee0e629e5132f082ac76c
-
SHA256
60f2a0752a9fabcaec044ab16a7ec61e37bd95b229236f75725ac11721aef8f0
-
SHA512
9efb627f919f02c4fb2989f66c8a30c3e4e9ce8ea2eaa4b525d29978643db6cf4ef425b8be5766c06d618b6d6b0fa4c5a3fdd5742c2b95a41c0b1f26e76b6a22
-
SSDEEP
98304:dSeYgZhUd6OshoKyDvuIYc5AhV+gEc4kZvRLoI0EJfNA3zCUTVv9JT1sOBN3o1pz:drYS6cOshoKMuIkhVastRL5Di3u01D76
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-