Overview

overview

10

Static

static

10

Solara V3.exe

windows11-21h2-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    240720-y5ys5aybkl_pw_infected.zip

  • Size

    1.3MB

  • MD5

    305402bef218b8b6754d9a2aa1c2bb14

  • SHA1

    fb48fcadc5092ca7302d2fe6cd4504b29013256e

  • SHA256

    39e6d1d301f47e128ba66531bb7c3ab942a98149af46bc98bfcbc8af2dddd170

  • SHA512

    4fbaebda05e5e9b56114e6d6e9cfec65f7c76ca74a5efd54ca22decdf08661fc32709c9644954d26698b2e4596a8cfe869667c4c671eccb38c2d3222bf82b767

  • SSDEEP

    24576:HTBmyi8DMaeKj7A8McuOVb20EM5gWrHtuIH6HMrHCRtGmVsAcgUpuI7az:LP7rMcjyYrNuIHmMrHCRtGmVs9gUpu3

Score
10/10
solaraquasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Solara

C2

thssdxf6y74-54495.portmap.host:54495

Mutex

b5404b50-f626-49b9-8b08-b7ac4b28d57b

Attributes
  • encryption_key

    CFE12BEE480308179907A97B8F57771DDA407795

  • install_name

    Solara V3.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Java Updater

  • subdirectory

    SubDir

Signatures

  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 240720-y5ys5aybkl_pw_infected.zip
    .zip

    Password: infected

  • Solara V3.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections