General
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
Credentials
Protocol: ftp- Host:
194.28.224.2 - Port:
21 - Username:
anonymous - Password:
anonymous@
Extracted
Family
lumma
C2
https://bannngwko.shop/api
Targets
-
-
Target
https://github.com/TheresiaAurelly/Solara-executor?tab=readme-ov-file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-