Overview

overview

9

Static

static

3

So1araBoot...nf.zip

windows7-x64

1

So1araBoot...nf.zip

windows10-2004-x64

1

ReadMe.txt

windows7-x64

1

ReadMe.txt

windows10-2004-x64

1

So1ara.zip

windows7-x64

1

So1ara.zip

windows10-2004-x64

1

Solara/Sol...V2.exe

windows7-x64

7

Solara/Sol...V2.exe

windows10-2004-x64

9

Solara/Sol...st.lua

windows7-x64

3

Solara/Sol...st.lua

windows10-2004-x64

3

Solara/Sol...t2.lua

windows7-x64

3

Solara/Sol...t2.lua

windows10-2004-x64

3

Solara/Sol...le.txt

windows7-x64

1

Solara/Sol...le.txt

windows10-2004-x64

1

Solara/Sol...et.txt

windows7-x64

1

Solara/Sol...et.txt

windows10-2004-x64

1

Solara/Sol...le.txt

windows7-x64

1

Solara/Sol...le.txt

windows10-2004-x64

1

Solara/Sol..._1.txt

windows7-x64

1

Solara/Sol..._1.txt

windows10-2004-x64

1

Solara/Sol..._2.txt

windows7-x64

1

Solara/Sol..._2.txt

windows10-2004-x64

1

Solara/Sol...le.txt

windows7-x64

1

Solara/Sol...le.txt

windows10-2004-x64

1

Solara/Sol...le.txt

windows7-x64

1

Solara/Sol...le.txt

windows10-2004-x64

1

Solara/Sol...tefile

windows7-x64

1

Solara/Sol...tefile

windows10-2004-x64

1

Solara/Sol...le.txt

windows7-x64

1

Solara/Sol...le.txt

windows10-2004-x64

1

Solara/Sol...LL.txt

windows7-x64

1

Solara/Sol...LL.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    96s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-08-2024 09:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Solara/Solar/SolaraV2.exe

  • Size

    75.0MB

  • MD5

    4b65e23284220a7d9f5fe835db5bf4f3

  • SHA1

    211b16e6dcace1d2d41dc0486d1be957612dde3d

  • SHA256

    47b7ab9983ca6e46297acc1163a9125d451f7c82400709e1808a1bb8d16f92ec

  • SHA512

    bcf57b793cebb6114d6821399626c4b8ea1026fd82e5cb7f3b456738b4b6c87a6ec9797b64942f46bc7f83d7f613d958173753fb7f053c2b1bc403120aba50cf

  • SSDEEP

    12288:eNnW9xmvvZOW/jnqaoHgs6LOlpvJEL0MijRTfKAUWDuAXGjwVRF+1299cdlpLNbr:QnW9xIdnqaIgsNBJEL04

Score
9/10
credential_accessdiscoveryspywarestealer

Malware Config

Signatures

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Loads dropped DLL 1 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Solara\Solar\SolaraV2.exe
    "C:\Users\Admin\AppData\Local\Temp\Solara\Solar\SolaraV2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1864
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 2388
        3⤵
        • Program crash
        PID:5088
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1864 -ip 1864
    1⤵
      PID:2004

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\d3d9.dll
      Filesize

      725KB

      MD5

      440e95cdba7b964ffeec06901b9bcdd7

      SHA1

      27fbc6130a735798eb4027d7f795ae70df812b09

      SHA256

      e2049b86e21ce43739e21d57d62a03f242fe12534201b49a8ad6c6f8acd259b9

      SHA512

      a99caa28dd88ae88bf4ee584a0ddd5935a1d0f8d47a1db42527863360ac78520a61314bc65b5f485a4bb84db2ca377ff1dcb314b3704d5fcac190b20bcd4e912

      Download Submit

    • memory/1864-16-0x0000000007F50000-0x0000000008568000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/1864-11-0x0000000005170000-0x0000000005714000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1864-17-0x0000000007A90000-0x0000000007B9A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1864-19-0x0000000007A30000-0x0000000007A6C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1864-18-0x00000000079D0000-0x00000000079E2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1864-12-0x0000000004BC0000-0x0000000004C52000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1864-13-0x0000000074570000-0x0000000074D20000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1864-14-0x0000000004C70000-0x0000000004C7A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1864-15-0x0000000074570000-0x0000000074D20000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1864-26-0x0000000074570000-0x0000000074D20000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1864-8-0x0000000000630000-0x00000000006B6000-memory.dmp

      Filesize

      536KB

      Download

    • memory/1864-25-0x0000000009AC0000-0x0000000009FEC000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/1864-24-0x0000000008DF0000-0x0000000008FB2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/1864-20-0x0000000007BA0000-0x0000000007BEC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1864-21-0x00000000087E0000-0x0000000008846000-memory.dmp

      Filesize

      408KB

      Download

    • memory/1864-22-0x0000000008B10000-0x0000000008B86000-memory.dmp

      Filesize

      472KB

      Download

    • memory/1864-23-0x0000000008A90000-0x0000000008AAE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/2612-10-0x0000000074570000-0x0000000074D20000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2612-1-0x00000000007F0000-0x00000000008A2000-memory.dmp

      Filesize

      712KB

      Download

    • memory/2612-0-0x000000007457E000-0x000000007457F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2612-27-0x0000000074570000-0x0000000074D20000-memory.dmp

      Filesize

      7.7MB

      Download