Extracted

• • Target

    Solara.exe

  • Size

    489KB

  • MD5

    304fb1af10c5964bb55597f7c87e5ee3

  • SHA1

    7774fd280dc74e4b8846f7938261b7e22373b576

  • SHA256

    969e1396d2f6932f10c6de742659667070e3d6158d9e5a7d9a16d7254ca3afc7

  • SHA512

    3602afe1c97c78cdb871fe40dde53fc8e9c4766532e3d4ffccacf189e5e38e32c9bd55c681085ec0d5e62d9340a0724537143afd2b39705550b8368561280453

  • SSDEEP

    12288:7Jf/DdUC83OIgFc+tYjhLFH8rX+t498oHLMYK4K:7N/BUBb+tYjBFH8d7rM

  Score

  10^/10

  44caliberevasionspywarestealerthemidatrojan

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks whether UAC is enabled

    evasiontrojan

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2