General
-
Target
Solara.exe
-
Size
45KB
-
Sample
240704-vxselascqg
-
MD5
13325ceba29ec848cee74cc4b4c34816
-
SHA1
7c7408870da2fe079aa460fe0d237e12e19cb7cb
-
SHA256
c05a571f0f7e4233697b7590f7f4329e7da984d6fcf71a2ce521df984aa2cd54
-
SHA512
e3c069485b14679bed54b47d0e914417e00e526bc6ffd2e77767c86e30267abc037b1f974add86672c9b8cc4d40ccb1420929641b495e419aa8c6bcac585e220
-
SSDEEP
768:JdhO/poiiUcjlJInRJH9Xqk5nWEZ5SbTDaNWI7CPW5A:Hw+jjgnrH9XqcnW85SbTsWIY
Behavioral task
behavioral1
Sample
Solara.exe
Resource
win7-20240508-en
Malware Config
Extracted
xenorat
anyone-blogging.gl.at.ply.gg
Xeno_rat_nd8912d
-
delay
500
-
install_path
temp
-
port
22284
-
startup_name
Windows
Targets
Target
Solara.exe
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-