General
-
Target
SolaraB.rar
-
Size
76KB
-
Sample
240704-p1mqmaxbjr
-
MD5
9ad679577500b09d525e224e36667ba4
-
SHA1
e8c8a7afd0c415b94e65e6d0b782852fd0fe508d
-
SHA256
351cba23cab65cd57d5ec9e553bfa02d35a32a8f75467a75b1c3735b87af6a3d
-
SHA512
8f0b245ce641a8912f9c8482c7286bdcf19defd7381f4ee985e0f59701ead1ea134c03816545a9b848b43116afe7da371c2ba6d62b26ccdc5e7b579b68e3c736
-
SSDEEP
1536:zi2l3ISJ6HumuVjcjvlUiKFyTh7hxcj/Z1jY8LkoGFuQ3d:zl3pJjmeQ5URyd7n8/Z1xozFugd
Behavioral task
behavioral1
Sample
SolaraB/Solara/solarabootstrapper.exe
Resource
win7-20240220-en
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1258158330237423708/TP4vZ1k1Rh4BbYP62cogAVNmLUNicORrL9xsgCelKxJelwVrWSmY1bVmhh1Yvxap5YQ-
Targets
-
-
Target
SolaraB/Solara/solarabootstrapper.exe
-
Size
227KB
-
MD5
ebf1358b8496d5c895f4b8f9298f7f96
-
SHA1
f0136d66bf877934376858064344c2038b998fd4
-
SHA256
bccba62c31f689715d01f4e80edbe2fe6a816edb571c4a409fccbe2d5b789b65
-
SHA512
ca82e5838c7e8b292f46e5b20684b7fbb861f449678fc6283bd5c587c0958c069800e94c9f65b239609434564a394f8ca168d83d40bc27c96ade6c18744beb6d
-
SSDEEP
6144:eloZMLrIkd8g+EtXHkv/iD46E6TjpaC9sop7mGz3/b8e1mZJi:IoZ0L+EP86E6TjpaC9sop7mGzLt
-
Detect Umbral payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-