General

  • Target

    Solara.zip

  • Size

    9.8MB

  • Sample

    240811-dbfega1gnq

  • MD5

    904180f536e3c47bbd61e451bb9631f7

  • SHA1

    20c0e0294ec39850545b6c1844864b0339141825

  • SHA256

    5a072e88942b37c1afbe54875bec5d7c830868cd9af514ea88764af9a2a10fb8

  • SHA512

    806d0aa5d2e9c759f3ee6b9a3a7e7308c16a7172d9e76a8463fe696c3a941e1386ea61ce428414f9114c55a29f95d395068205c25f7591771ddad2dbec5f344c

  • SSDEEP

    196608:dMXtgEV+wivXxoxFwMMMl6wfvA/OSc2Cav72WkWcLcTBk1F/wB:K9gt5vXxaFDMU6wfqOSc8T2WkWybE

Targets

    • Target

      Solara/Solara.exe

    • Size

      133KB

    • MD5

      5ac0462702a125b10cad429f1a29ebe5

    • SHA1

      9a1f9e04fe156e929ef8edecaf9f11c7a5ee9ae2

    • SHA256

      eb6c724328e344f63d7fd7207b89e7c192411d624e69d64859f282cd36bf5bb7

    • SHA512

      f44af2ce1137bc7c8f9b54e605c6f08c0f1e56861d539e79bc35f6ccc724f8c5df15ba3611622172c21e57e19a2613cce132f6e3ab3e239fb5263b22b0add5aa

    • SSDEEP

      3072:1QoRzRjDjMbb1lnOXrPXe7Ehq5Zg1ulbSouMOy:OoRzRjDjMbnOXzWE0qNV

    Score: 6/10

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Solara/SolaraV3.dll

    • Size

      6.1MB

    • MD5

      004327062fd3edc40cd4f9a8d483b609

    • SHA1

      107faf407891f04e66b9e4e193da2bf76f38e92d

    • SHA256

      6e905ceb8b5392b2c9b5a4f310309c8a8ffd1b1bee4f07ef7ef98f350eb0963f

    • SHA512

      175f3159ca4efe338c90ff3abbff3efcfe189f5d9be2ad06e020664dcd69f27913058aeae535d4d4bb5f24869c1dae447910c1fe60b6254bf114df0a458e9542

    • SSDEEP

      98304:De3dhI7o0dvlBdGLIfuHALtmz30B8XccV+si+JVBYN+kGBIZaWizhnXrJyr:0H4o0hl78LHQmz30uXcaPIZDY5XrYr

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15