53154c1318430656cd3cea95e48ef7bf62f196a871ab6e137f5893bafbcf018d

Sharing

Copy URL

Twitter E-mail

General

Target

Solar Client.zip
Size

59.0MB
Sample

240630-r83sxsshln
MD5

98f417f4765adcd6c24a390276e26b00
SHA1

353c97867db774bb0b90c537d6bc348923c71575
SHA256

53154c1318430656cd3cea95e48ef7bf62f196a871ab6e137f5893bafbcf018d
SHA512

c737fd0c43aba1abc50ee7c78fd931baeb5eb4ef10778322bab06046e2155e201955a9b35dc9af234862c3e1d7014e066fa4cc3a86848f17c7c28e03ef218a6e
SSDEEP

1572864:mB1724cLi/Fts1XSFBfhty/oStlfEV8mh6qca:mbQLI2dSF1ryDrfMLca

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  Solar Client/Solar-Tweaks-Setup-4.2.0.exe
- Size
  
  59.3MB
- MD5
  
  dfdea5f4a771556305d2faef94c8cf18
- SHA1
  
  f0cbbd1a88c7ebbc84a8b68cbf695eead7273328
- SHA256
  
  16a152d46f5bccb505d769cc3863277c7ef2e15f7f9d3fee570f98377d69c91b
- SHA512
  
  08ac72e28a3e621c05929bd8e0421975ca65749f0321d2eee163a16be7072ea0e81ad3d65bba7e455cedca33289f2aa6f6c5dfb42b45a627b95b3960db3b8642
- SSDEEP
  
  1572864:qy1s9ggeDH7QDv2zFZJTCT6MR9L0T+wKseEc:qy1sHYcL2zfNwbnLbdEc
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

1^/10
behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral4
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral5
- Target
  
  LICENSES.chromium.html
- Size
  
  5.1MB
- MD5
  
  6b84319ee8a0a0af690273d3d2dcbaf4
- SHA1
  
  857ca353e0582d100dcbc6cb6761bb4430d0cb90
- SHA256
  
  fc2a256467fb4d4ff72be6c423e5961e98b418554deeec296aded0e757b9a585
- SHA512
  
  26f9842bfdb429ef132cc1a930da9187071a339927eda402e8d54b5eb9e03067612cdadc3a2dad3d0977f8e6af18c05eab6ac91720221c6a0104f96638f85a8a
- SSDEEP
  
  24576:yd97B+mnLiLsrDy2VrErjKCqzkU98wwg3QeXuh:0P+mLAqHBCuRoeS
Score

1^/10
behavioral6
- Target
  
  Solar Tweaks.exe
- Size
  
  130.1MB
- MD5
  
  b7cd0e6338eea04671d96dc170749be3
- SHA1
  
  99ccfefb5d283e37f488c78112fcb9e9418d6798
- SHA256
  
  b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad
- SHA512
  
  1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943
- SSDEEP
  
  1572864:2mYWQRWtJ65M7a2iu4Rywh9hJyO9N+oJOTU8f/kmgZ2sI:B4M7a2H4Ryu+dNgI
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.3MB
- MD5
  
  7641e39b7da4077084d2afe7c31032e0
- SHA1
  
  2256644f69435ff2fee76deb04d918083960d1eb
- SHA256
  
  44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
- SHA512
  
  8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
- SSDEEP
  
  49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt
Score

1^/10
behavioral8
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  7c3c780de9ae5cc4abeccbd7cb6b367b
- SHA1
  
  bda27b3c0b1ec023e2a0a97099a84b10e04cb135
- SHA256
  
  39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08
- SHA512
  
  80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c
- SSDEEP
  
  49152:8MnbcrH9v7eCZPxX+qzohT99hDoapghnshy43yBcxnyKbZtjB0HVEMGJSj/8NOv:dCZpX+q27saesDSjbv
Score

1^/10
behavioral9
- Target
  
  libEGL.dll
- Size
  
  429KB
- MD5
  
  b3017453d487a7d33445c1d2d9b9bc13
- SHA1
  
  7e643ccb8984a4a92dd439eeb4bdaaeb62bd8862
- SHA256
  
  23046e7fe2bbf76ee2c5596b6beac723ad465fdbaa44266486102cdb292148a1
- SHA512
  
  fd583f4b95aa974d72628bcc548feb22bc86c5ab0fd1536995bd796e28422f56e6799d60e2c3bef9aed9a1080eaf12338a3b29b8c3d40ba5166030a219572baf
- SSDEEP
  
  6144:67Udu1o3YnElXvzYhRk9o+3Re3wpcOQy5n+t7dPs:wUdu1NElX7QR2osJ5+XP
Score

1^/10
behavioral10
- Target
  
  libGLESv2.dll
- Size
  
  7.6MB
- MD5
  
  dd8d815769cbf46af41a41931e9b4572
- SHA1
  
  f242fcc4cfd5030f3f543c22f141185cd86e7142
- SHA256
  
  dd74029716da56a0e4b64bc5cea0c169e1c4b31143ff39213d3c544792e8f2b9
- SHA512
  
  69a12f862157746ffc27b637941261a0c5c494175c3e674c7de4d0c4452a5b9358735944e8e0568b7279a7791cf178c9b1afd5ea4a781e93f28cd775a0a6096f
- SSDEEP
  
  98304:p5a6GJCIf2Knqdu5iIBIcbWwYSqARSHoDNSv:pKIwBqARSH
Score

1^/10
behavioral11
- Target
  
  resources/app.asar
- Size
  
  6.0MB
- MD5
  
  9c12e7fb205f75b66a6ee62e4ca92a9b
- SHA1
  
  8e9976b84c9bf1827bb96fc61c0b7dc96e2f596e
- SHA256
  
  a8018e6d6af92f4e0a19b35fafc1d47a3362045335f4bf50da1af3adf34e5f50
- SHA512
  
  2e49f8568506ae002dba30badd7a137f07d3e90949d93c2d741e166e53c752ada9bccd970c5a9f55cde54f8c4f53cc2d6dd6b908c6300e2c172d911c10dda029
- SSDEEP
  
  49152:l7UsvLGH/gjRxJIZBbpBKv8A5v4hjfE/z1bzXALnb/CYWTyD5GGBEMlk/QSI7+nY:wAF9TJB3LN5yoL4vBN16crFcbmvZ
Score

3^/10

execution
behavioral12
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral13
- Target
  
  swiftshader/libEGL.dll
- Size
  
  448KB
- MD5
  
  038a73114d439bfc94be4732b2794998
- SHA1
  
  4b7a9d52da1bd808af979cf5cfb146404494317a
- SHA256
  
  b1054e0dc2ab31a7cf3cd7f3dae07b1ec31acd42c157be13ce47ea870840f0cc
- SHA512
  
  8788e43de424e1d7a163d0b7f4d719c36bf8fdee9808d405aeb05993c446d4f2a595741cb4d98f5e9611cd16d09de9445bf72176a799f4189168bb8509b115ff
- SSDEEP
  
  6144:/H0B/LCOJ7lTp0k7zKd0POc37Tta9pdEp2si0xnLB4Vz:/MCOJ7lFx7zxt6dEY0VLSV
Score

1^/10
behavioral14
- Target
  
  swiftshader/libGLESv2.dll
- Size
  
  3.1MB
- MD5
  
  38ec86347b3e467c5868e35ab48f89f2
- SHA1
  
  4db17d065cc330b277a70f9fb8dff0c4b426f314
- SHA256
  
  2e10d308d0207835b07df3bb38bee88300aa57fcb214051e8654d29587257744
- SHA512
  
  2b2405ed51ea1d232f2d60072e4f57e70f36f1a8f9d0a935772bfb9a3be50c1d6136cee496fde9fb3dda1f0d2f1c643cb9f162e0b68828ff854645eb1e8216f4
- SSDEEP
  
  49152:EAtfKpPXV/5DdijA29+0QdjwSx+qovRYFDguXfol+4iduejy3bEW2ehvxLTL10dO:nwNynDyguydMVW5v1
Score

1^/10
behavioral15
- Target
  
  vk_swiftshader.dll
- Size
  
  4.5MB
- MD5
  
  0d3deb7dc62ea45c6624aab2b1ed8071
- SHA1
  
  0e4a7276784e3d8e6d6440669a65bd88f840b078
- SHA256
  
  cc947f08b87f4636213211b22328c32d1986d49abc96a619799091fa6a15c851
- SHA512
  
  38b674e0a0fefe1fa61ae144e6707b0eb7cfb73a8d01315f2b984cd1ebeb017cddeb89e39daa0f5806cc295a540e826a97422a677c361ebab3f8e4767228e5e6
- SSDEEP
  
  49152:53YxjaP0AETYj7g/yaI75j/7wiSmQEZLT/lbMnP3cuJUiId+R9iETUjdCB2KmGsl:UAbIASP1aRldQ
Score

1^/10
behavioral16
- Target
  
  vulkan-1.dll
- Size
  
  707KB
- MD5
  
  3cffcffbf394159458566fb79b9abd3f
- SHA1
  
  7e0f09e9ea67e9e587305e2f740c8620dad12595
- SHA256
  
  26460b9250e904a9db6e5e0893e746a84ffae21c02e083e3f33a913d7cc79111
- SHA512
  
  93a73aef9237d52119f9886ca6eff7975cdd6931d12087ea4c0397807b19c6195e24045d80b606bfc45f754c58ab5b1f789d95e91250828629724b9446501c55
- SSDEEP
  
  12288:Dwc+2rLfirhAu07HvM5BSNraGMiuvo52Ap:D82r79KBSwBiuv
Score

1^/10
behavioral17
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10
behavioral18
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10
behavioral19
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral20
- Target
  
  Uninstall Solar Tweaks.exe
- Size
  
  394KB
- MD5
  
  68feea1405b258523b999de8b1f597d6
- SHA1
  
  1064551fce23365588d14b875eb93af09583f7f0
- SHA256
  
  e25747059c7581a9541b83913a066e8551d2f8b601cd1dfb9954a3c24b1b528f
- SHA512
  
  0607ea6500d820b5585389b233ece7593f8e964622f4492e87c5ec7b5863f38804af6d96819df70715699ad8c6c50871b44008d5a198ddbab6b5ed8a7f290c7b
- SSDEEP
  
  6144:8740IumguQuA12m8dKGO0nYS2dlR7+eZl26:+bt8dHYltn
Score

1^/10
behavioral21

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21