Overview
overview
9Static
static
3Heaven's Exploits.zip
windows10-1703-x64
1Heaven's Exploits.zip
windows11-21h2-x64
1Heaven's E...er.exe
windows10-1703-x64
9Heaven's E...er.exe
windows11-21h2-x64
9Heaven's E...O.json
windows10-1703-x64
3Heaven's E...O.json
windows11-21h2-x64
3Heaven's E...ANO.iy
windows10-1703-x64
3Heaven's E...ANO.iy
windows11-21h2-x64
3Heaven's E..._FE.iy
windows10-1703-x64
3Heaven's E..._FE.iy
windows11-21h2-x64
3Heaven's E...g.json
windows10-1703-x64
3Heaven's E...g.json
windows11-21h2-x64
3Heaven's E...ed.txt
windows10-1703-x64
1Heaven's E...ed.txt
windows11-21h2-x64
3Heaven's E...ary.js
windows10-1703-x64
3Heaven's E...ary.js
windows11-21h2-x64
3Heaven's E...ipt.js
windows10-1703-x64
3Heaven's E...ipt.js
windows11-21h2-x64
3Heaven's E...on.txt
windows10-1703-x64
1Heaven's E...on.txt
windows11-21h2-x64
3Heaven's E...sh.txt
windows10-1703-x64
1Heaven's E...sh.txt
windows11-21h2-x64
3Heaven's E...op.ini
windows10-1703-x64
1Heaven's E...op.ini
windows11-21h2-x64
3Static task
static1
Behavioral task
behavioral1
Sample
Heaven's Exploits.zip
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Heaven's Exploits.zip
Resource
win11-20240704-en
Behavioral task
behavioral3
Sample
Heaven's Exploits/Solara/SolaraBootstrapper.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
Heaven's Exploits/Solara/SolaraBootstrapper.exe
Resource
win11-20240704-en
Behavioral task
behavioral5
Sample
Heaven's Exploits/Solara/workspace/CFA HUB/Battlegrounder_2_GPO.json
Resource
win10-20240611-en
Behavioral task
behavioral6
Sample
Heaven's Exploits/Solara/workspace/CFA HUB/Battlegrounder_2_GPO.json
Resource
win11-20240508-en
Behavioral task
behavioral7
Sample
Heaven's Exploits/Solara/workspace/IY_ANO.iy
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
Heaven's Exploits/Solara/workspace/IY_ANO.iy
Resource
win11-20240704-en
Behavioral task
behavioral9
Sample
Heaven's Exploits/Solara/workspace/IY_FE.iy
Resource
win10-20240404-en
Behavioral task
behavioral10
Sample
Heaven's Exploits/Solara/workspace/IY_FE.iy
Resource
win11-20240704-en
Behavioral task
behavioral11
Sample
Heaven's Exploits/Solara/workspace/KavoConfig.json
Resource
win10-20240404-en
Behavioral task
behavioral12
Sample
Heaven's Exploits/Solara/workspace/KavoConfig.json
Resource
win11-20240704-en
Behavioral task
behavioral13
Sample
Heaven's Exploits/Solara/workspace/vape/CustomModules/cachechecked.txt
Resource
win10-20240404-en
Behavioral task
behavioral14
Sample
Heaven's Exploits/Solara/workspace/vape/CustomModules/cachechecked.txt
Resource
win11-20240704-en
Behavioral task
behavioral15
Sample
Heaven's Exploits/Solara/workspace/vape/GuiLibrary.js
Resource
win10-20240404-en
Behavioral task
behavioral16
Sample
Heaven's Exploits/Solara/workspace/vape/GuiLibrary.js
Resource
win11-20240704-en
Behavioral task
behavioral17
Sample
Heaven's Exploits/Solara/workspace/vape/MainScript.js
Resource
win10-20240404-en
Behavioral task
behavioral18
Sample
Heaven's Exploits/Solara/workspace/vape/MainScript.js
Resource
win11-20240704-en
Behavioral task
behavioral19
Sample
Heaven's Exploits/Solara/workspace/vape/assetsversion.txt
Resource
win10-20240404-en
Behavioral task
behavioral20
Sample
Heaven's Exploits/Solara/workspace/vape/assetsversion.txt
Resource
win11-20240704-en
Behavioral task
behavioral21
Sample
Heaven's Exploits/Solara/workspace/vape/commithash.txt
Resource
win10-20240404-en
Behavioral task
behavioral22
Sample
Heaven's Exploits/Solara/workspace/vape/commithash.txt
Resource
win11-20240704-en
Behavioral task
behavioral23
Sample
Heaven's Exploits/desktop.ini
Resource
win10-20240611-en
Behavioral task
behavioral24
Sample
Heaven's Exploits/desktop.ini
Resource
win11-20240704-en
General
-
Target
Heaven's Exploits.zip
-
Size
336KB
-
MD5
5048bb4d5026d1039654a97c8378edf2
-
SHA1
48d7de93c5fba06572515a109dc04f335310136f
-
SHA256
2f79a30540e3f31d86819c9fbf4d4f3a91d5d83ae07bcda94b1388818aebc933
-
SHA512
cf4df4da62e9107b19fd0d4a88ede0fab8e14b474aba159a9e133859b8b34751e13bbfa6cd58eac6c2bf73f24b16e20eb12b2384c5a2e029a2a4611115337b9e
-
SSDEEP
6144:lBzZhyoFThwHDh2GfPZHx3X8STKeAX0kMxb/ENHPNbmLq5hauTW3gIBcT1Z3UR:lBzZMoFThMhx9MSTK+bsNvN2KsxmLER
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/Heaven's Exploits/Solara/SolaraBootstrapper.exe
Files
-
Heaven's Exploits.zip.zip
-
Heaven's Exploits/Solara/SolaraBootstrapper.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 794KB - Virtual size: 794KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Heaven's Exploits/Solara/workspace/CFA HUB/Battlegrounder_2_GPO.json
-
Heaven's Exploits/Solara/workspace/IY_ANO.iy
-
Heaven's Exploits/Solara/workspace/IY_FE.iy
-
Heaven's Exploits/Solara/workspace/KavoConfig.JSON
-
Heaven's Exploits/Solara/workspace/vape/CustomModules/cachechecked.txt
-
Heaven's Exploits/Solara/workspace/vape/GuiLibrary.lua.js
-
Heaven's Exploits/Solara/workspace/vape/MainScript.lua.js
-
Heaven's Exploits/Solara/workspace/vape/assetsversion.txt
-
Heaven's Exploits/Solara/workspace/vape/commithash.txt
-
Heaven's Exploits/desktop.ini