General

Target: Solara-main.zip
Size: 401KB
Sample: 240630-pyvy8a1enk
MD5: 033b6b9d8a597b10cf18cd4afa9507c7
SHA1: 555842f13061dff86306d1b79f47c0327c7628b4
SHA256: 16cca0f0005d05175568adc4d1927ccf9a1775f51a67bf0e28e38df042d205d2
SHA512: 5fbc045439fa100056554fef3141b1d85088318819021918ec0416fceb144f06fac3ffcdaea8dbe5d84ac7c5e71ebbfa722631b7045cdb7d705d693ae92634fb
SSDEEP: 12288:iDfC0Y74SD9BsAJ7gib3aPcNYmn9nr+YRmMuyxgyL:TUSPNbKPcNYmn9nUyx/L
Static task: static1

Behavioral task: behavioral1
Sample: Solara-main.zip
Resource: win10-20240404-en

Behavioral task: behavioral2
Sample: Solara-main/README.md
Resource: win10-20240611-en

Behavioral task: behavioral3
Sample: Solara-main/Solara.zip
Resource: win10-20240404-en
Malware Config

Extracted: 44caliber
https://discord.com/api/webhooks/1169713279464120370/GUIw2wEmQMllUHEfRf3MNeS3DBNrZN-RuTQ9QbFfAqIZNVHtIlkj1yiD5QqgrIlv8gQi
Targets

Target: Solara-main.zip
Size: 401KB
MD5: 033b6b9d8a597b10cf18cd4afa9507c7
SHA1: 555842f13061dff86306d1b79f47c0327c7628b4
SHA256: 16cca0f0005d05175568adc4d1927ccf9a1775f51a67bf0e28e38df042d205d2
SHA512: 5fbc045439fa100056554fef3141b1d85088318819021918ec0416fceb144f06fac3ffcdaea8dbe5d84ac7c5e71ebbfa722631b7045cdb7d705d693ae92634fb
SSDEEP: 12288:iDfC0Y74SD9BsAJ7gib3aPcNYmn9nr+YRmMuyxgyL:TUSPNbKPcNYmn9nUyx/L
Score: 1/10

Target: Solara-main/README.md
Size: 1KB
MD5: 99610e3f26a12cde98862aedd945ec84
SHA1: e10a549c9ae6414744ca9336a390eb62fb7f79b1
SHA256: 072856d085b8184cd4df7e53ec4d74df81c3ee4b31435f52d13b2d23ae0ddc40
SHA512: a1d84b2b74bae2b18287d19b1c3965420d53d3f76fba5308e3a29f090b5ce8215e4ec6b1ed9cdec94cb38f77d05972d4b7936109b09852af957223d4cb949e37
Score: 3/10

Target: Solara-main/Solara.zip
Size: 400KB
MD5: 20804935c8018d330c47fa7acde89358
SHA1: 7e79e69996cf54bf3da5807e37805db03d23f34e
SHA256: 65dcaf8699e4d8d8aaa1c177fc49bfe4ff69ad4fd3891d61f68c5239e217cb14
SHA512: 7c7cf8a3e6d90376a1a958c57527750c5a04d6d27c90397aac458898a34601a36c5f345afeabaa72f0ece7f3701ac729b68b5bd9f93252552feb4a1f092fc398
SSDEEP: 12288:/3IY0Y/4SF9rsCJmLagibphNFc6V9pr+YJGIYKxgDc:/3NAS3mL2b/rV9pUKxGc
Score: 1/10

Target: Solara/SolaraB/SolaraBootstrapper.exe
Size: 826KB
MD5: 886d05ab350457e2ddde2f569dc0668a
SHA1: 3448ca0ce7b2f279694f8a360348c0ade71b9322
SHA256: 286b6d3aa77caa78854b3648d96d80a1f207d7b94fb54103b44600a6f72839b5
SHA512: 31186e5e079389f820a026843340468cf183c31ee18d60537d48e83b4ecb08b86f2e1b41012b4fa25ebbbd33a4fbc833986815e71010b74df3e04fdaf49d7962
SSDEEP: 12288:gCQjgAtAHM+vetZxF5EWry8AJGy03eJxZM6gMkIhS:g5ZWs+OZVEWry8AFL06gGS

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger