General

  • Target

    Solara executor.rar

  • Size

    6.4MB

  • Sample

    240810-fh1p4a1amf

  • MD5

    e0a21aabe2e08ad5f31768725b6d3e03

  • SHA1

    03cdae2d159496e26a61b17975d7c0f742b65718

  • SHA256

    9cb28519e8b3b7392eb59b497f100378c480d88337509f6a589e22a559dfad8a

  • SHA512

    c74250055aeac62df3b1ed2eb2296f2a7a77540044a4ad19661df82d4c5db9550b12942a5438232bc3a0cf56342311f6fbfb70a15c3a6369b78b13b878a7395a

  • SSDEEP

    196608:uDhBLqB8DAdQjuwVQLRuJH3cuSbJo/ULbTAF:4hJ4EYQjuhkpxiqUnc

Malware Config

Targets

    • Target

      Solara executor/Solara.exe

    • Size

      4.6MB

    • MD5

      eb1a8a2ad16907874483509234a36dc1

    • SHA1

      2bd4bc54aea4b45855c2091e3f7df32442063581

    • SHA256

      259a15fc38bcc8b24aa75cf10bf16bdf9927de1cf928544b7bab38276c04e547

    • SHA512

      dc44f89c7964ca241650eb00747ee29b601f4f7c150c2d3af44498b32b6c48ea0c23e8c3eebef3fa84dbe92b43cf89cefc4b1dcfa342230c5e36780adeded91d

    • SSDEEP

      98304:jx1UuIrWlbF+6vXf8KIIG4N4kRkd7tJWPTTj3XMILFi:j0pWl4CXf1RG4NjKJsPLnt

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Solara executor/cfg/SDL2.dll

    • Size

      1.9MB

    • MD5

      9fd3ec6d8de3cff290e7a78177b17362

    • SHA1

      b3cb33d621749c9340718f405a719c9f383b7bcd

    • SHA256

      7a7f96e8e8dd97bed0faecdf12f8b22d09ae6181659c86c94f075453cfa6d5f7

    • SHA512

      0e376326e26be63198db2f532acf9f8f7b9dbad7a6fb182c4adf2ffc034d9d345f4664ada3f5ae6ce023743dc55bd82250db095fa132df248ab606362d5c2525

    • SSDEEP

      24576:EaURSDS53BCRBnjUG8rKGGe36k4TtDPW/akFnPc2/U1NxytF2xwP5uHhMqLzn9p9:Ea36Z6J6/9zGugbzPkAN

    • Score

      3/10

    • Target

      Solara executor/cfg/steam_api.dll

    • Size

      256KB

    • MD5

      56d9f94d37cb8f03049a1cc3062bffaf

    • SHA1

      90f0f4780117bd2ae44fe051077005964eb75bce

    • SHA256

      1ac139ebad2a653adff5700347274cf9816256eb5d69ae6dc43c4cf9c8532aa7

    • SHA512

      f92bc75a4fc6de545a9773093c39993942f03d5091c6fa0150e0bd00fb5c1dfb6edb3afc0afc7eaf3fd311336e513eeacfbb2cac5d638ab366c384c9e831b54e

    • SSDEEP

      6144:D9j7BrSKU/mXxQ7C8cbp9huslymC2CPRuyd/:D9j7BrSKUYQWByl2C7d/

    • Score

      3/10

    • Target

      Solara executor/cfg/sw.dll

    • Size

      3.4MB

    • MD5

      8080846552e4023d5438786f834a623f

    • SHA1

      620e2cca905884044a20c6eccb66799c59621e13

    • SHA256

      494f19c7884be8eb4c869cd70c6334c2d8de9278ab67c34820dd593cf68c9844

    • SHA512

      773d7e40923673db24d1ae04dc3f74553390adcce9e4857d900518af37f5df955939fabca46e407a5de65d5889bfb553bda3e0fa3027c21715c901fea0f1a397

    • SSDEEP

      98304:0SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSvSSSSSSSSSSSSSSSlwwwwwwwwwwwwww5:nLkfL/j

    • Score

      3/10

    • Target

      Solara executor/cfg/vgui.dll

    • Size

      268KB

    • MD5

      8819af515a2d9ff93bbeb0a48a4c5198

    • SHA1

      7e6422e3e66fbbf9f3a3dc188017a89108aeb234

    • SHA256

      70499a2d7a3cf7b4fa2224753998cf9312e3140511ecb0627ed5fff28f90a724

    • SHA512

      f23a4b03327502924bedeb9be08d10104b7405e970d613cc80b749114d8c212eb7c0d94eab8209132b825e8235ba3efb304db74905984de8f969ad874ca59f99

    • SSDEEP

      6144:nuUirYnKAlUmmc6zAi41cJVBRWGOzUZtYbPNAyd8lS6/amgF2Ii0VABhgNRwiRZ3:nuUir8KOUunw461eH

    • Score

      3/10

    • Target

      Solara executor/cfg/vgui2.dll

    • Size

      172KB

    • MD5

      3cdcd7b4fe0ca77398ea6c7e0b197bae

    • SHA1

      f5dd2b70cb9e08989a295a0e62b01bed236dff84

    • SHA256

      426b5febb5382d4f89728a50d7f95a5ed51592b5c5eb6b4939b29b543d7cd2b0

    • SHA512

      be0a7591f870a016c30da17b14b6e1f499e4d3fae52436b1b3888d9bc57c05b78ab330deee103d339be1b6786539aba3207a5678de21860e74fce5997a0d78af

    • SSDEEP

      3072:7s/gwDP6Fr1rlcs4fq30cAAhp/UubKTs5DaK6y/yIks70i9dBA64GIIK/fD:A/gE6Fr/4fNcAAhp/Uuby3y/tdDdBAvl

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks