General

  • Target

    solara_bootstrapperv1.13.exe

  • Size

    72.4MB

  • Sample

    240804-cn68aaxfrb

  • MD5

    6ba8448af7821be584af6311b9fa4598

  • SHA1

    33e38bb00c219026fae54d600999d4234563ce73

  • SHA256

    b0645bb787bdddeadb6d56fb3c09cd7b5f1d11860a12333b398a6d00c20fb8e0

  • SHA512

    654c10bd3f84d88f47cacdcd38b5b1c39f847b57a0eb8706d9bd3e85d2d12986bf7f41f28e262cf11bdc7f50013b4b93513514f3afb3943b31cd5c09935daade

  • SSDEEP

    1572864:63QtI+n8biirAH8+1osuTCSxOB6xMLiIpz2qHWB75il+WBZo0WDDdDxo:eC8biS6xjKcBa6R2qHO5izBW00D1O

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
