cbb42eaaddfd95d52e8a961d5689bb93d3073a79ce7704012e8442d0a3a8e2ba

Sharing

Copy URL

Twitter E-mail

General

Target

Solara.zip
Size

23.0MB
Sample

240806-rw21vs1gmp
MD5

854733d08f216dece49a66ceca55f4b7
SHA1

5c073fa6067af9ece6565c5d576576e65997a70f
SHA256

cbb42eaaddfd95d52e8a961d5689bb93d3073a79ce7704012e8442d0a3a8e2ba
SHA512

0d6ebf4cb951f6c149a8400f69e9c29117f85e708ccbad5453fa04a5b2819023205798ebcd3efb02232d127f2e43e8ac760223a4a2047c02e855ddae8b31d541
SSDEEP

393216:amOGXoFuDT+jzgvuFZSPN944EMPe34ZKk2mfOhZdUayxmKQvJfZR4GmSYUrpCcQP:am7tajzgvLIHoe34VlKZdjyxevZHjYhP

Score

10^/10

Malware Config

Targets

- Target
  
  Solara.zip
- Size
  
  23.0MB
- MD5
  
  854733d08f216dece49a66ceca55f4b7
- SHA1
  
  5c073fa6067af9ece6565c5d576576e65997a70f
- SHA256
  
  cbb42eaaddfd95d52e8a961d5689bb93d3073a79ce7704012e8442d0a3a8e2ba
- SHA512
  
  0d6ebf4cb951f6c149a8400f69e9c29117f85e708ccbad5453fa04a5b2819023205798ebcd3efb02232d127f2e43e8ac760223a4a2047c02e855ddae8b31d541
- SSDEEP
  
  393216:amOGXoFuDT+jzgvuFZSPN944EMPe34ZKk2mfOhZdUayxmKQvJfZR4GmSYUrpCcQP:am7tajzgvLIHoe34VlKZdjyxevZHjYhP
Score

1^/10
behavioral1 behavioral2
- Target
  
  Solara/Solara/SolaraV2.exe
- Size
  
  23.0MB
- MD5
  
  f8df38b9c3e3623d532963d19fbd9aef
- SHA1
  
  2ee2d919d64ab6d7f0f1f9758cb93a40b209893e
- SHA256
  
  3edb793c12e214934185468759e37d9735deb7cdc70cab88d1e25a5ee986eb01
- SHA512
  
  a2487d9f1a7cce0aa49175c14cf9febbc68bf6f6bd559dc92c554b51eea4427c9caec7ddaffc7177b0cbc7600452ce79e44897e84bfc3ee9dc9183e01a7bb4c2
- SSDEEP
  
  24576:upZHY7WrA+vr7mXoLDEQmzlVjrRRUutP9L8g21FirU2rwMGBCF9W7W:GHY7WUSmXoLDEQ8TRKmPY1FirEXC7
Score

10^/10

credential_access discovery spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral3 behavioral4
- Target
  
  Solara/Solara/autoexec/test.lua
- Size
  
  34B
- MD5
  
  f051c998ef025a1ccd4f6f7abe16e55e
- SHA1
  
  2e75e1237531ae3c0647c0fad7cf6ae1687d0e99
- SHA256
  
  601c187ff3410f7c71258bd29c0e48a9f40a046a745093f71e7172decf0f0eae
- SHA512
  
  748cb431b3a2208c07187c80a3c5b5174b2c536fb056e7b48646875cbd4392225da4aaaaf376f16ca79ab854245e7638cf02103f0913abff55e005da482d498a
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Solara/Solara/autoexec/test2.lua
- Size
  
  11B
- MD5
  
  701bf4a4743e5e0361e26999881a5ce9
- SHA1
  
  f34d33bcb5c13eae1c15faddc6054e479f74aa28
- SHA256
  
  c2d0a5e0790d97a015387a995c0d0b5eb3e88138466586fc980787c9b1731eb8
- SHA512
  
  8c0eedc5dca108eb9682239164cba3c70ba4c12e4520a9bdfa8efce0416ce51534fcea2ef4dcd7ea2dfc684358a064233165b0bda5287892de2014a1f2b21c6f
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Solara/Solara/workspace/.tests/appendfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral10 behavioral9
- Target
  
  Solara/Solara/workspace/.tests/getcustomasset.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral11 behavioral12
- Target
  
  Solara/Solara/workspace/.tests/isfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral13 behavioral14
- Target
  
  Solara/Solara/workspace/.tests/listfiles/test_1.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral15 behavioral16
- Target
  
  Solara/Solara/workspace/.tests/listfiles/test_2.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral17 behavioral18
- Target
  
  Solara/Solara/workspace/.tests/loadfile.txt
- Size
  
  1B
- MD5
  
  8fa14cdd754f91cc6554c9e71929cce7
- SHA1
  
  4a0a19218e082a343a1b17e5333409af9d98f0f5
- SHA256
  
  252f10c83610ebca1a059c0bae8255eba2f95be4d1d7bcfa89d7248a82d9f111
- SHA512
  
  711c22448e721e5491d8245b49425aa861f1fc4a15287f0735e203799b65cffec50b5abd0fddd91cd643aeb3b530d48f05e258e7e230a94ed5025c1387bb4e1b
Score

1^/10
behavioral19 behavioral20
- Target
  
  Solara/Solara/workspace/.tests/readfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral21 behavioral22
- Target
  
  Solara/Solara/workspace/.tests/writefile
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral23 behavioral24
- Target
  
  Solara/Solara/workspace/.tests/writefile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral25 behavioral26
- Target
  
  Solara/Solara/workspace/EzHubLL.txt
- Size
  
  2B
- MD5
  
  99914b932bd37a50b983c5e7c90ae93b
- SHA1
  
  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
- SHA256
  
  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
- SHA512
  
  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
Score

1^/10
behavioral27 behavioral28
- Target
  
  Solara/Solara/workspace/IY_FE.iy
- Size
  
  539B
- MD5
  
  291d5636a434c4f1ceb0f3f776c2a51f
- SHA1
  
  ae287e08f71c522a72812f0dace94b8ffb569341
- SHA256
  
  73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452
- SHA512
  
  7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Solara/Solara/workspace/Sky Hub/Sky Hub Settings.json
- Size
  
  52B
- MD5
  
  9a42aefba1beca2d4816e37142fa22db
- SHA1
  
  387384c567a5bd1ca99568c43315ea39bdaec1e0
- SHA256
  
  37dd2675939dcf754c08d0a3776908fc7c996849839dcba037848a943f33240b
- SHA512
  
  77ed2aeab7c10507e74c8001cbafe883d4a308cc3686d0edcf8925db54f00e45337b9ebd7d19c83129cebda0e0eaa9d01a0f5474d0639b6cab5659cfedb80a9b
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Credentials from Password Stores: Credentials from Web Browsers

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32