Overview

overview

10

Static

static

3

Solara.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Solara.exe

  • Size

    13.0MB

  • Sample

    240701-pf76tsvbjp

  • MD5

    bf624098d6433fa0e8cc2647bff1de00

  • SHA1

    cbadcd4a2766e3fdfb7a1996234edc2674a99427

  • SHA256

    fdaae99aded447eac2cc3091feaf973c52f11a5c98192b65128cd4ee26902dc3

  • SHA512

    7f44617e0ac1d9a7ef3fe80c5b285698d81df361ad40cb4d4085a6f07778a05f9383922f12d990962b928f4c019b094893b8c902f44bdddfa278be4615ddf617

  • SSDEEP

    393216:LAct+L01+l+uq+Vvj1+TtIiF90VQxOC7P6gM:LQ01+l+uqgvj1QtINHC7Pc

Score
10/10
exelastealerdefense_evasionevasionpersistenceprivilege_escalationpyinstallerspywarestealer

Malware Config

Targets

    • Target

      Solara.exe

    • Size

      13.0MB

    • MD5

      bf624098d6433fa0e8cc2647bff1de00

    • SHA1

      cbadcd4a2766e3fdfb7a1996234edc2674a99427

    • SHA256

      fdaae99aded447eac2cc3091feaf973c52f11a5c98192b65128cd4ee26902dc3

    • SHA512

      7f44617e0ac1d9a7ef3fe80c5b285698d81df361ad40cb4d4085a6f07778a05f9383922f12d990962b928f4c019b094893b8c902f44bdddfa278be4615ddf617

    • SSDEEP

      393216:LAct+L01+l+uq+Vvj1+TtIiF90VQxOC7P6gM:LQ01+l+uqgvj1QtINHC7Pc

    Score
    10/10
    exelastealerdefense_evasionevasionpersistenceprivilege_escalationspywarestealer

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

      stealerexelastealer

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Process Discovery

1
T1057

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Command and Control

Exfiltration

Impact

Tasks