c221df92ab8ad749226c07b8951349a0d0fa6aff77b25357e8942e5c64c612b0

Sharing

Copy URL

Twitter E-mail

General

Target

So1araBootstrappzxcvbnf.zip
Size

75.0MB
Sample

240805-lypknasgnq
MD5

1a1fbb907aead7d59a4821d4df3fa448
SHA1

32acdd0a119b6eef7e5269655c0b9a4cd5632065
SHA256

c221df92ab8ad749226c07b8951349a0d0fa6aff77b25357e8942e5c64c612b0
SHA512

6f7709f08a1426970a4b6453d072c4ae807c16f20911f97dff3f39f13828a97d27ddffe56818ecc671fb26ea8bedf2d6724f6ce7d9847453638e44a7b8b22c73
SSDEEP

1572864:qCoXmi8RpFrpAzLEvR2Hxefu8qs8uyht1dTSUPvLeFclMR0G+HpA:qtXPILALEqefoBPRBPvSFYXa

Score

9^/10

Malware Config

Targets

- Target
  
  So1araBootstrappzxcvbnf.zip
- Size
  
  75.0MB
- MD5
  
  1a1fbb907aead7d59a4821d4df3fa448
- SHA1
  
  32acdd0a119b6eef7e5269655c0b9a4cd5632065
- SHA256
  
  c221df92ab8ad749226c07b8951349a0d0fa6aff77b25357e8942e5c64c612b0
- SHA512
  
  6f7709f08a1426970a4b6453d072c4ae807c16f20911f97dff3f39f13828a97d27ddffe56818ecc671fb26ea8bedf2d6724f6ce7d9847453638e44a7b8b22c73
- SSDEEP
  
  1572864:qCoXmi8RpFrpAzLEvR2Hxefu8qs8uyht1dTSUPvLeFclMR0G+HpA:qtXPILALEqefoBPRBPvSFYXa
Score

1^/10
behavioral1 behavioral2
- Target
  
  ReadMe.txt
- Size
  
  16B
- MD5
  
  ad359b7486d6870af461913236e0a094
- SHA1
  
  2ad213fd1efd12aa7e018a9df841a3c85f7dbd1a
- SHA256
  
  1e6bcf1474130be5357f8bc3cfe56010a2395663fbd0bfb1d4d4db15cc119889
- SHA512
  
  d3756be00941a77514defb962ccd0c949c310f141ab384bd81d0cd531b7d2039c0d8a775432da1fb92d8dedab7a373b4519af1ab0c89f90bb6a504af653335b0
Score

1^/10
behavioral3 behavioral4
- Target
  
  So1ara.zip
- Size
  
  75.0MB
- MD5
  
  2cd72d748c08a6e27a8d6b6b41169f51
- SHA1
  
  0cdfe0b4e53b4b3a5f98d95f2d3eec55bb2c7e52
- SHA256
  
  b4032b376d739cb47842adabb9b8f9c54db8dd0f0fe17852a0d2cbc78614f4bc
- SHA512
  
  915acb495cb0374aa1ea2a58913a62c423cfa7aa7361707045412d2c27c33ffdd9ecadbda1c58a1232c7d1fb0cb44ce37e7a33a7e512e98534c1ca480cf817b5
- SSDEEP
  
  1572864:JCoXmi8RpFrpAzLEvR2Hxefu8qs8uyht1dTSUPvLeFclMR0G+HpG:JtXPILALEqefoBPRBPvSFYXk
Score

1^/10
behavioral5 behavioral6
- Target
  
  Solara/Solar/SolaraV2.exe
- Size
  
  75.0MB
- MD5
  
  4b65e23284220a7d9f5fe835db5bf4f3
- SHA1
  
  211b16e6dcace1d2d41dc0486d1be957612dde3d
- SHA256
  
  47b7ab9983ca6e46297acc1163a9125d451f7c82400709e1808a1bb8d16f92ec
- SHA512
  
  bcf57b793cebb6114d6821399626c4b8ea1026fd82e5cb7f3b456738b4b6c87a6ec9797b64942f46bc7f83d7f613d958173753fb7f053c2b1bc403120aba50cf
- SSDEEP
  
  12288:eNnW9xmvvZOW/jnqaoHgs6LOlpvJEL0MijRTfKAUWDuAXGjwVRF+1299cdlpLNbr:QnW9xIdnqaIgsNBJEL04
Score

9^/10

discovery credential_access spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral7 behavioral8
- Target
  
  Solara/Solar/autoexec/test.lua
- Size
  
  34B
- MD5
  
  f051c998ef025a1ccd4f6f7abe16e55e
- SHA1
  
  2e75e1237531ae3c0647c0fad7cf6ae1687d0e99
- SHA256
  
  601c187ff3410f7c71258bd29c0e48a9f40a046a745093f71e7172decf0f0eae
- SHA512
  
  748cb431b3a2208c07187c80a3c5b5174b2c536fb056e7b48646875cbd4392225da4aaaaf376f16ca79ab854245e7638cf02103f0913abff55e005da482d498a
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Solara/Solar/autoexec/test2.lua
- Size
  
  11B
- MD5
  
  701bf4a4743e5e0361e26999881a5ce9
- SHA1
  
  f34d33bcb5c13eae1c15faddc6054e479f74aa28
- SHA256
  
  c2d0a5e0790d97a015387a995c0d0b5eb3e88138466586fc980787c9b1731eb8
- SHA512
  
  8c0eedc5dca108eb9682239164cba3c70ba4c12e4520a9bdfa8efce0416ce51534fcea2ef4dcd7ea2dfc684358a064233165b0bda5287892de2014a1f2b21c6f
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Solara/Solar/workspace/.tests/appendfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral13 behavioral14
- Target
  
  Solara/Solar/workspace/.tests/getcustomasset.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral15 behavioral16
- Target
  
  Solara/Solar/workspace/.tests/isfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral17 behavioral18
- Target
  
  Solara/Solar/workspace/.tests/listfiles/test_1.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral19 behavioral20
- Target
  
  Solara/Solar/workspace/.tests/listfiles/test_2.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral21 behavioral22
- Target
  
  Solara/Solar/workspace/.tests/loadfile.txt
- Size
  
  1B
- MD5
  
  8fa14cdd754f91cc6554c9e71929cce7
- SHA1
  
  4a0a19218e082a343a1b17e5333409af9d98f0f5
- SHA256
  
  252f10c83610ebca1a059c0bae8255eba2f95be4d1d7bcfa89d7248a82d9f111
- SHA512
  
  711c22448e721e5491d8245b49425aa861f1fc4a15287f0735e203799b65cffec50b5abd0fddd91cd643aeb3b530d48f05e258e7e230a94ed5025c1387bb4e1b
Score

1^/10
behavioral23 behavioral24
- Target
  
  Solara/Solar/workspace/.tests/readfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral25 behavioral26
- Target
  
  Solara/Solar/workspace/.tests/writefile
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral27 behavioral28
- Target
  
  Solara/Solar/workspace/.tests/writefile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral29 behavioral30
- Target
  
  Solara/Solar/workspace/EzHubLL.txt
- Size
  
  2B
- MD5
  
  99914b932bd37a50b983c5e7c90ae93b
- SHA1
  
  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
- SHA256
  
  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
- SHA512
  
  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Credentials from Password Stores: Credentials from Web Browsers

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32