Overview

overview

10

Static

static

10

SolaraV2.1.exe

windows11-21h2-x64

9

main.pyc

windows11-21h2-x64

3

Resubmissions

06-01-2025 06:22

250106-g5ddraylfw 10

04-08-2024 00:07

240804-aeafvavbpa 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SolaraV2.1.exe

  • Size

    18.6MB

  • Sample

    240804-aeafvavbpa

  • MD5

    2f8048394e6b1d1dcf7a290adfb0c7f1

  • SHA1

    ac735c3ebbda361379a2c90f0a494d530c409c3e

  • SHA256

    550523a10cf436a25b8fc2c431f593ddad838c6a9a0e952f8f319a1e479265e1

  • SHA512

    1e68b10dd8c00f84fff615a2f33847e16c81b78ab9af1ce2226f332c6aa5e1778384997f900fce47422daffc4d9ee532d6734df25e33f2517b72a9ecd4bfcf8e

  • SSDEEP

    393216:oqPnLFXlr4mQ8DOETgsvfGFzgNNamJvE4rNC1u2YWm:ZPLFXN/QhEE07+V1u5

Score
10/10
empyreancredential_accessdiscoverypersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      SolaraV2.1.exe

    • Size

      18.6MB

    • MD5

      2f8048394e6b1d1dcf7a290adfb0c7f1

    • SHA1

      ac735c3ebbda361379a2c90f0a494d530c409c3e

    • SHA256

      550523a10cf436a25b8fc2c431f593ddad838c6a9a0e952f8f319a1e479265e1

    • SHA512

      1e68b10dd8c00f84fff615a2f33847e16c81b78ab9af1ce2226f332c6aa5e1778384997f900fce47422daffc4d9ee532d6734df25e33f2517b72a9ecd4bfcf8e

    • SSDEEP

      393216:oqPnLFXlr4mQ8DOETgsvfGFzgNNamJvE4rNC1u2YWm:ZPLFXN/QhEE07+V1u5

    Score
    9/10
    credential_accessdiscoverypersistenceprivilege_escalationspywarestealerupx

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      bf6fe2f50d5161fa2fb9c3e1c3495af0

    • SHA1

      d19195f3c8600642fe0a593d09a97d2a3bc19124

    • SHA256

      bebb562ff94a72d948a66687d50afe0d54b88de3b779bc27b5098e820857bfe5

    • SHA512

      44810342ce4f7fe9baa47622cc86a7062920620346ab86ff639350e13d9a6b964eff40a7f03f0c9f68dff92be5bc80906028250b89284a9f5bdfc8c8d522e6b8

    • SSDEEP

      192:wMMarkzD8qh8bpUPWdXw62UwrJhwX+kMdwH0nw:DLUKbcWu62d2rPUw

    Score
    3/10
    behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

System Information Discovery

1
T1082

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks