Overview

overview

9

Static

static

3

SolaraB_V11.zip

windows7-x64

1

SolaraB_V11.zip

windows10-2004-x64

1

SolaraB V1...er.exe

windows7-x64

6

SolaraB V1...er.exe

windows10-2004-x64

9

SolaraB V1...g.json

windows7-x64

3

SolaraB V1...g.json

windows10-2004-x64

3

SolaraB V1...30.txt

windows7-x64

1

SolaraB V1...30.txt

windows10-2004-x64

1

SolaraB V1...zaphub

windows7-x64

3

SolaraB V1...zaphub

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SolaraB_V11.zip

  • Size

    7KB

  • Sample

    240721-xbhpdazckh

  • MD5

    802edc2a2df25d20e014c5875e2678c6

  • SHA1

    d3f78befbeb3875ba96bc22a12e00c2256ff0c5f

  • SHA256

    e9b75ffe66b19fed9594e79730eb6bcecf4ea8bc648585cb76a0c53961486c03

  • SHA512

    d1c197ea24ba9fdc33770fc2e4b966cf17f9ef3ecac74607040171fd48f836850c697758ee6bccd494ac219a9ea852da7bedb523e6110d1774cf81c3bf046c38

  • SSDEEP

    192:HvYqt/NELl8XcICahNtu3Bq4fPBYKp8XVPWD0cFK:HvYqscc5ahfIBq43BY5V6FK

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      SolaraB_V11.zip

    • Size

      7KB

    • MD5

      802edc2a2df25d20e014c5875e2678c6

    • SHA1

      d3f78befbeb3875ba96bc22a12e00c2256ff0c5f

    • SHA256

      e9b75ffe66b19fed9594e79730eb6bcecf4ea8bc648585cb76a0c53961486c03

    • SHA512

      d1c197ea24ba9fdc33770fc2e4b966cf17f9ef3ecac74607040171fd48f836850c697758ee6bccd494ac219a9ea852da7bedb523e6110d1774cf81c3bf046c38

    • SSDEEP

      192:HvYqt/NELl8XcICahNtu3Bq4fPBYKp8XVPWD0cFK:HvYqscc5ahfIBq43BY5V6FK

    Score
    1/10
    behavioral1behavioral2

    • Target

      SolaraB V11/SolaraBootstrapper.exe

    • Size

      13KB

    • MD5

      6557bd5240397f026e675afb78544a26

    • SHA1

      839e683bf68703d373b6eac246f19386bb181713

    • SHA256

      a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239

    • SHA512

      f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97

    • SSDEEP

      192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      SolaraB V11/workspace/KavoConfig.JSON

    • Size

      2B

    • MD5

      99914b932bd37a50b983c5e7c90ae93b

    • SHA1

      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

    • SHA256

      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

    • SHA512

      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

    Score
    3/10
    behavioral5behavioral6

    • Target

      SolaraB V11/workspace/OrionTest/73885730.txt

    • Size

      2B

    • MD5

      d751713988987e9331980363e24189ce

    • SHA1

      97d170e1550eee4afc0af065b78cda302a97674c

    • SHA256

      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    • SHA512

      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Score
    1/10
    behavioral7behavioral8

    • Target

      SolaraB V11/workspace/ZapHub/ZapHubFolder.zaphub

    • Size

      8B

    • MD5

      bf04c59b953aaad945bb10ee0eac532d

    • SHA1

      30e83b570bc12283c4d4fec64c4f05a4515e8433

    • SHA256

      6107122c51d64962d53b8216a1b00854a0eb5bfe276cd1242b3f56ac1b846d6d

    • SHA512

      14daf682ca4b47423b82e964298146c5478cd289a2ec8bf1416428113b7b6795096eb97680bdd35948bce1a0eaa5d293081df194f31cc62c6150b3ae657a34fe

    Score
    3/10
    behavioral10behavioral9

MITRE ATT&CK Enterprise v15

Tasks