06/08/2024, 09:58

240806-lzrreawemq 10

General

  • Target

    SolaraB.rar

  • Size

    215.8MB

  • Sample

    240806-lzrreawemq

  • MD5

    dc8a9da3ccb19ea6026fcef59bdc8223

  • SHA1

    186ed76692f9f87b87395bb4ff9a778c52d652bc

  • SHA256

    b8b1e7e9d1b58f4f6b96897ee7de82bd617191dfce4e2a2fa2cc3401f7e469a3

  • SHA512

    79dbb5e8687cfdd2b45b43e4b899bc578897d33df2bc0def009b273370fe0507ebbe848e27eade471ae47eff60e7daeb77dc59996f660ec2e0c730b815c76ed9

  • SSDEEP

    6291456:BX4qQ24ERyOP4JBe9MOBLHqRpuT2nMBYLur3ZcpHnD:2q8045cqP8aL+yD

Targets

    • Target

      SolaraB/SolaraB/Solara/Solara - Client Version Installer.exe

    • Size

      101.3MB

    • MD5

      a1e6578a78175c0afad239f4947788f1

    • SHA1

      17a5346a8b191256594e127d80119aea510cb56e

    • SHA256

      6cd99522475709dd77a1041eb393f1482ac27cb18ba9ea6f2f6e476a651334dd

    • SHA512

      561dd2888fee41ee3d48470a021f2a679cece39628a7c6b69c1c87e65481300a4d9dd4793c07d93b97039aa31aeaeef8f4f4c9e826428dc98cfde2b38e4ef3c4

    • SSDEEP

      3145728:ap8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBWos9U:7SWNaIsHCiH1XcBW1

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file does not show in Explorer and similar file listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      SolaraB/SolaraB/Solara/SolaraBootstrapper.exe

    • Size

      118.7MB

    • MD5

      39a76d7186e33bdbfe1be9656bf9c376

    • SHA1

      e0048aaa37326beb02ea98d9b8cbb4a68874663f

    • SHA256

      b63bf80c103a0353b811a7ea1131a18ce83df72c9144bd91a864881ad5547420

    • SHA512

      6bd3d4d76d9cbae0df632a3d63a2924e792b2a3d142eddc37e127f808faca4faa6d944b6a4cfabe06a70619c942ba1b2988cb8964a53d3ef1369747272aaface

    • SSDEEP

      3145728:degYRPSC++6y97nYX5M3gbcKCUsZnX3EaB80cKlM:YxaC4y9LYE2CFZHnZ/M

    Score: 7/10
    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
