General

  • Target

    Solara.zip

  • Size

    23.0MB

  • Sample

    240806-rw21vs1gmp

  • MD5

    854733d08f216dece49a66ceca55f4b7

  • SHA1

    5c073fa6067af9ece6565c5d576576e65997a70f

  • SHA256

    cbb42eaaddfd95d52e8a961d5689bb93d3073a79ce7704012e8442d0a3a8e2ba

  • SHA512

    0d6ebf4cb951f6c149a8400f69e9c29117f85e708ccbad5453fa04a5b2819023205798ebcd3efb02232d127f2e43e8ac760223a4a2047c02e855ddae8b31d541

  • SSDEEP

    393216:amOGXoFuDT+jzgvuFZSPN944EMPe34ZKk2mfOhZdUayxmKQvJfZR4GmSYUrpCcQP:am7tajzgvLIHoe34VlKZdjyxevZHjYhP

Malware Config

Targets

    • Target

      Solara.zip

    • Size

      23.0MB

    • MD5

      854733d08f216dece49a66ceca55f4b7

    • SHA1

      5c073fa6067af9ece6565c5d576576e65997a70f

    • SHA256

      cbb42eaaddfd95d52e8a961d5689bb93d3073a79ce7704012e8442d0a3a8e2ba

    • SHA512

      0d6ebf4cb951f6c149a8400f69e9c29117f85e708ccbad5453fa04a5b2819023205798ebcd3efb02232d127f2e43e8ac760223a4a2047c02e855ddae8b31d541

    • SSDEEP

      393216:amOGXoFuDT+jzgvuFZSPN944EMPe34ZKk2mfOhZdUayxmKQvJfZR4GmSYUrpCcQP:am7tajzgvLIHoe34VlKZdjyxevZHjYhP

    Score
    1/10
    • Target

      Solara/Solara/SolaraV2.exe

    • Size

      23.0MB

    • MD5

      f8df38b9c3e3623d532963d19fbd9aef

    • SHA1

      2ee2d919d64ab6d7f0f1f9758cb93a40b209893e

    • SHA256

      3edb793c12e214934185468759e37d9735deb7cdc70cab88d1e25a5ee986eb01

    • SHA512

      a2487d9f1a7cce0aa49175c14cf9febbc68bf6f6bd559dc92c554b51eea4427c9caec7ddaffc7177b0cbc7600452ce79e44897e84bfc3ee9dc9183e01a7bb4c2

    • SSDEEP

      24576:upZHY7WrA+vr7mXoLDEQmzlVjrRRUutP9L8g21FirU2rwMGBCF9W7W:GHY7WUSmXoLDEQ8TRKmPY1FirEXC7

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

    • Target

      Solara/Solara/autoexec/test.lua

    • Size

      34B

    • MD5

      f051c998ef025a1ccd4f6f7abe16e55e

    • SHA1

      2e75e1237531ae3c0647c0fad7cf6ae1687d0e99

    • SHA256

      601c187ff3410f7c71258bd29c0e48a9f40a046a745093f71e7172decf0f0eae

    • SHA512

      748cb431b3a2208c07187c80a3c5b5174b2c536fb056e7b48646875cbd4392225da4aaaaf376f16ca79ab854245e7638cf02103f0913abff55e005da482d498a

    Score
    3/10
    • Target

      Solara/Solara/autoexec/test2.lua

    • Size

      11B

    • MD5

      701bf4a4743e5e0361e26999881a5ce9

    • SHA1

      f34d33bcb5c13eae1c15faddc6054e479f74aa28

    • SHA256

      c2d0a5e0790d97a015387a995c0d0b5eb3e88138466586fc980787c9b1731eb8

    • SHA512

      8c0eedc5dca108eb9682239164cba3c70ba4c12e4520a9bdfa8efce0416ce51534fcea2ef4dcd7ea2dfc684358a064233165b0bda5287892de2014a1f2b21c6f

    Score
    3/10
    • Target

      Solara/Solara/workspace/.tests/appendfile.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    Score
    1/10
    • Target

      Solara/Solara/workspace/.tests/getcustomasset.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    Score
    1/10
    • Target

      Solara/Solara/workspace/.tests/isfile.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    Score
    1/10
    • Target

      Solara/Solara/workspace/.tests/listfiles/test_1.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    Score
    1/10
    • Target

      Solara/Solara/workspace/.tests/listfiles/test_2.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    Score
    1/10
    • Target

      Solara/Solara/workspace/.tests/loadfile.txt

    • Size

      1B

    • MD5

      8fa14cdd754f91cc6554c9e71929cce7

    • SHA1

      4a0a19218e082a343a1b17e5333409af9d98f0f5

    • SHA256

      252f10c83610ebca1a059c0bae8255eba2f95be4d1d7bcfa89d7248a82d9f111

    • SHA512

      711c22448e721e5491d8245b49425aa861f1fc4a15287f0735e203799b65cffec50b5abd0fddd91cd643aeb3b530d48f05e258e7e230a94ed5025c1387bb4e1b

    Score
    1/10
    • Target

      Solara/Solara/workspace/.tests/readfile.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    Score
    1/10
    • Target

      Solara/Solara/workspace/.tests/writefile

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    Score
    1/10
    • Target

      Solara/Solara/workspace/.tests/writefile.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    Score
    1/10
    • Target

      Solara/Solara/workspace/EzHubLL.txt

    • Size

      2B

    • MD5

      99914b932bd37a50b983c5e7c90ae93b

    • SHA1

      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

    • SHA256

      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

    • SHA512

      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

    Score
    1/10
    • Target

      Solara/Solara/workspace/IY_FE.iy

    • Size

      539B

    • MD5

      291d5636a434c4f1ceb0f3f776c2a51f

    • SHA1

      ae287e08f71c522a72812f0dace94b8ffb569341

    • SHA256

      73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452

    • SHA512

      7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743

    Score
    3/10
    • Target

      Solara/Solara/workspace/Sky Hub/Sky Hub Settings.json

    • Size

      52B

    • MD5

      9a42aefba1beca2d4816e37142fa22db

    • SHA1

      387384c567a5bd1ca99568c43315ea39bdaec1e0

    • SHA256

      37dd2675939dcf754c08d0a3776908fc7c996849839dcba037848a943f33240b

    • SHA512

      77ed2aeab7c10507e74c8001cbafe883d4a308cc3686d0edcf8925db54f00e45337b9ebd7d19c83129cebda0e0eaa9d01a0f5474d0639b6cab5659cfedb80a9b

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
1/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

credential_accessdiscoveryspywarestealer
Score
10/10

behavioral4

credential_accessdiscoveryspywarestealer
Score
10/10

behavioral5

discovery
Score
3/10

behavioral6

Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

discovery
Score
3/10

behavioral30

Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

Score
3/10