General

Target: Solara Executor V2.rar
Size: 1.2MB
Sample: 240802-vmr13sscqr
MD5: 51e6735ce2042e2ba0c187a3c47ff2df
SHA1: 0902722a7e18a5a90c81dc786ab3b5ec616f2d70
SHA256: a83f40624d7d8f6f769e672c41a72785bb623fa6f87640aac16cd7300599b21e
SHA512: bcd27ec0ef174fd44e8295d84196ea4da9f9f7d15dd9fb814b9a8608c7585e723eb6ad415317648654e3b97a15e35d4b9c9d5702c2e4b55a2f78203fa8d7be72
SSDEEP: 24576:w2TfBF51vJNv35DAcR3VXXslc7lHR+tOJyZkZN0z1qCA8G2gA7bprFarC1RuQBrn:w2bBb1vucnnGc7lHRPIyMhA8pgAHpJUY
Behavioral task: behavioral1
Sample: Solara Executor V2/Download (RUN FIRST).exe
Resource: win11-20240802-en

Behavioral task: behavioral2
Sample: Solara Executor V2/Solara Executor.exe
Resource: win11-20240802-en
Malware Config

Extracted
Family: quasar
Version: 1.4.1
Botnet: Office04
C2: 192.168.68.119:4782
C2: realwz-34142.portmap.host:34142
Mutex: 6eb5c908-87fa-4e33-a3b3-a6eaa2455bad
encryption_key: 458FF650B9D9D277FD5A8DC74175331B7B2FC1B9
install_name: Downloader.exe
log_directory: Logs
reconnect_delay: 3000 (ms)
startup_key: SolaraExecutor
subdirectory: SubDir

Note: 192.168.68.119 is an RFC 1918 private address and is only reachable on the operator's own LAN; realwz-34142.portmap.host:34142 is a port-forwarding tunnel on the portmap.host service and is the C2 that matters for network detection, consistent with the "Legitimate hosting services abused for malware hosting/C2" signature below. startup_key is the Run-key value name used for persistence, and subdirectory plus install_name give the dropped client path SubDir\Downloader.exe.
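The config above is only useful once it is turned into something a SOC can match on. The following is an added example, not part of the sandbox report: it parses the extracted Quasar config in the key: value form shown here, derives host and network indicators (C2 host/port pairs, the Run-key value name, the SubDir\Downloader.exe path suffix, and the SHA256s of the two dropped files from the Targets section), and matches them against a handful of constructed Sysmon-style events. The event field names (Image, Hashes, TargetObject, DestinationIp, DestinationHostname, DestinationPort) mirror Sysmon's, but the events, the SID, the 203.0.113.10 resolution for the portmap.host name and the all-zero hash on the installed copy are constructed placeholders; the base directory under which SubDir is created is not in the report, so the path match is on the suffix only.

```python
"""Derive IOCs from the extracted Quasar config and match Sysmon-style events.
Added example; not part of the sandbox report or of Quasar itself."""
import ipaddress

# Constructed input: the config values as listed in the report, in key: value form.
QUASAR_CONFIG_TEXT = """\
Family: quasar
Version: 1.4.1
Botnet: Office04
C2: 192.168.68.119:4782
C2: realwz-34142.portmap.host:34142
Mutex: 6eb5c908-87fa-4e33-a3b3-a6eaa2455bad
install_name: Downloader.exe
reconnect_delay: 3000
startup_key: SolaraExecutor
subdirectory: SubDir
"""

# SHA256 of the two dropped files, copied from the report's Targets section.
DROPPED_SHA256 = {
    "00345f840ce5cc3045c67e63e93f2fb438963eeb13a8d8587e2b196d4bc79591": "Download (RUN FIRST).exe",
    "da17868f107954124c0953fd1cb37ac8ed4e78460905e83d6402b966a77ee7dc": "Solara Executor.exe",
}


def parse_config(text: str) -> dict:
    """Parse 'key: value' lines; a key seen more than once (C2) becomes a list."""
    cfg: dict = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key in cfg:
            cfg[key] = cfg[key] if isinstance(cfg[key], list) else [cfg[key]]
            cfg[key].append(value)
        else:
            cfg[key] = value
    return cfg


def _is_private(host: str) -> bool:
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # a hostname, not an IP literal
        return False


def derive_iocs(cfg: dict) -> dict:
    """Turn config fields into matchable indicators."""
    c2_entries = cfg.get("C2", [])
    if isinstance(c2_entries, str):
        c2_entries = [c2_entries]
    c2 = []
    for entry in c2_entries:
        host, _, port = entry.rpartition(":")  # rpartition keeps the host intact
        c2.append((host.lower(), int(port)))
    return {
        "c2": c2,
        # An RFC 1918 C2 only works on the operator's LAN; the public one is what counts.
        "public_c2": [(h, p) for h, p in c2 if not _is_private(h)],
        "mutex": cfg["Mutex"].lower(),
        "run_value": cfg["startup_key"],
        # Base install directory is not in the report, so match on the path suffix only.
        "install_suffix": ("\\" + cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
        "reconnect_delay_ms": int(cfg["reconnect_delay"]),
        "sha256": set(DROPPED_SHA256),
    }


def _sha256_from_hashes(field: str):
    """Pull SHA256 out of a Sysmon 'MD5=...,SHA256=...' Hashes field."""
    for part in field.split(","):
        name, _, val = part.partition("=")
        if name.strip().upper() == "SHA256":
            return val.strip().lower()
    return None


def match_events(iocs: dict, events: list) -> list:
    """Return (event index, reason) for every event that matches an indicator."""
    c2_pairs = set(iocs["c2"])
    hits = []
    for i, ev in enumerate(events):
        kind = ev["EventType"]
        if kind == "ProcessCreate":
            sha = _sha256_from_hashes(ev.get("Hashes", ""))
            if sha in iocs["sha256"]:
                hits.append((i, f"known dropped file {DROPPED_SHA256[sha]}"))
            elif ev["Image"].lower().endswith(iocs["install_suffix"]):
                hits.append((i, "installed Quasar client executed"))
        elif kind == "RegistryValueSet":
            target = ev["TargetObject"]
            if "\\currentversion\\run\\" in target.lower() and target.rsplit("\\", 1)[-1] == iocs["run_value"]:
                hits.append((i, f"Run-key persistence value {iocs['run_value']}"))
        elif kind == "NetworkConnect":
            port = int(ev["DestinationPort"])
            for host in (ev.get("DestinationHostname", ""), ev.get("DestinationIp", "")):
                if (host.lower(), port) in c2_pairs:
                    hits.append((i, f"C2 connection to {host}:{port}"))
                    break
    return hits


# Constructed Sysmon-style events (SID, resolved IP and zero hash are placeholders).
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate",
     "Image": r"C:\Users\victim\Downloads\Solara Executor V2\Download (RUN FIRST).exe",
     "Hashes": "SHA256=00345F840CE5CC3045C67E63E93F2FB438963EEB13A8D8587E2B196D4BC79591"},
    {"EventType": "RegistryValueSet",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\SolaraExecutor"},
    {"EventType": "ProcessCreate",
     "Image": r"C:\Users\victim\AppData\Roaming\SubDir\Downloader.exe",
     "Hashes": "SHA256=" + "0" * 64},
    {"EventType": "NetworkConnect", "DestinationIp": "192.168.68.119",
     "DestinationHostname": "", "DestinationPort": 4782},
    {"EventType": "NetworkConnect", "DestinationIp": "203.0.113.10",
     "DestinationHostname": "realwz-34142.portmap.host", "DestinationPort": 34142},
    {"EventType": "NetworkConnect", "DestinationIp": "93.184.216.34",
     "DestinationHostname": "example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    iocs = derive_iocs(parse_config(QUASAR_CONFIG_TEXT))
    for idx, why in match_events(iocs, SAMPLE_EVENTS):
        print(f"event {idx}: {why}")
```

The first five constructed events match (dropper hash, Run-key value, installed client path, both C2 connections) and the example.com connection does not. The Mutex is carried in the IOC set for host triage (a handle or named-object scan), since Sysmon does not log mutex creation.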
Targets

Target: Solara Executor V2/Download (RUN FIRST).exe
Size: 3.1MB
MD5: c23404d4606f1e49bfc9efff359ed317
SHA1: da2904b0f8e16119576e389c0d77c2b4c96baf9e
SHA256: 00345f840ce5cc3045c67e63e93f2fb438963eeb13a8d8587e2b196d4bc79591
SHA512: 30bb2f181342ab8e9c8bd851d554bedb6f87a91021b2a521ed02313ec146083920b33cc3a28135fb4b45f6103dc0c8fb01ba61096ece3ad23e2e5d3cd5720407
SSDEEP: 49152:fvRuf2NUaNmwzPWlvdaKM7ZxTw1KYw1Jr9oGd09THHB72eh2NT:fvsf2NUaNmwzPWlvdaB7ZxTw1KYm
Signatures:
- Quasar payload
- Executes dropped EXE

Target: Solara Executor V2/Solara Executor.exe
Size: 795KB
MD5: a7f3293b177a63f6c50b5560e729cbff
SHA1: 4885073e4881cffc5c5155de720aa65755418fe8
SHA256: da17868f107954124c0953fd1cb37ac8ed4e78460905e83d6402b966a77ee7dc
SHA512: 70b3431b238457a24e66914d0059e7e8e2dc4f79ac49c9a9c510214b8bc1279af6947288442060ac02c3cf3c863c144ef95219006097d2e59183586f7f701438
SSDEEP: 12288:Hs0xF36Z1LyI6QQsJNOoRQ1jt/Nppxu29CHWzO:xxJ6Z1L5J8oRQ1jt/Nppxv9C2
Score: 7/10
Signatures:
- Deletes itself
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2