General
-
Target
DCdsHKoEWyA.zip
-
Size
8.4MB
-
Sample
240708-erkjsstfnb
-
MD5
2450e0073b31ff54e82ef05fc37b18cd
-
SHA1
57d34d65ca7a370f7b0a0506bc66dabe6c006778
-
SHA256
799f9f27b549f977b7cfeac5b47125e69ac1c9195a6e10a25d5105b8fe933b2b
-
SHA512
ffaa9f3e1020fe35c24bf32ad69d5b8ca3b8c8148660533b7690ea6d9e7a10b6dd8a3c2fbc83fece679b1ee362cec3ddbce7f491dec55da1ed0913f64ec9344a
-
SSDEEP
196608:Bf8v8bAb0RVIEe69QRjYd51xH4X6d7xJEuDiMP3hllv+EVyel8uR/3i:BkEZuE4GvH4X6txJEuD/7Dy
Behavioral task
behavioral1
Sample
SolaraC/Solara X.exe
Resource
win11-20240704-en
Behavioral task
behavioral2
Sample
SolaraC/webBypass.dll
Resource
win11-20240704-en
Malware Config
Targets
-
-
Target
SolaraC/Solara X.exe
-
Size
250.0MB
-
MD5
c5b870d0d240340edf18ca0cf9078ae8
-
SHA1
73a06c6d1a8efcda2c1d73f716f6942d836ba23f
-
SHA256
df7bb1d54abcf45e3f1ac455a9474ce3ed2cf00b73f3794ef95b69aece1b0784
-
SHA512
574c8d35fa6167c45463037bc59db4216abcecb544511f4d103b4724a64f0ecbb49691be5c45a6d8bc57984b2117274c225db46e43ae781c39de7fba5bb5135d
-
SSDEEP
24576:xxg+vFcnXOjE14LuLgC2H9UHXvgBWVnH2+y7S14PPuI4twGT5uotLX:vtcejEm8gl9UHX1NW+y7Sjlt35rLX
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
SolaraC/webBypass
-
Size
18.7MB
-
MD5
88fd7dbf04bcf75123d02009aea3f7f7
-
SHA1
cecf16bdad71e54afc941179ea2b7438a04efa1d
-
SHA256
01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
-
SHA512
2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
-
SSDEEP
393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score1/10 -