21b4b1091da61c9e2176298444c56c57d0282acc8be75aae9101fce661670675

Sharing

Copy URL

Twitter E-mail

General

Target

GtggawWHsSMJ.zip
Size

50.4MB
Sample

240811-pcltesyerj
MD5

0b658bd1547aca7752add78ea3498e54
SHA1

47eee85e6d8f64c4c9412b71e8c749015c1df08a
SHA256

21b4b1091da61c9e2176298444c56c57d0282acc8be75aae9101fce661670675
SHA512

0e51f0d49ea6766e1245506f1a9833280298f527e001ac111e40266e05b155fd583a8b56cd996e0a83d16cb2a7dc1b2559e7d330da2cd2d7041275a258b17c5d
SSDEEP

1572864:N8HY/NTvJZTku0IlhbnPtgmFhDzOf9tqlSc3odOC:6ITvJZv0ChzNLDzOf9Q3odOC

Score

10^/10

discovery

Malware Config

Targets

- Target
  
  S01ara.zip
- Size
  
  50.4MB
- MD5
  
  ed853e653fa669abfea3c229845c11cb
- SHA1
  
  cc919f87b43bd63c76378dc78a663947339e91f9
- SHA256
  
  f48e3f75ae8e4796737caed19b1ec78172306caad758938ef8351599a019fc28
- SHA512
  
  03b6458cfc736dfa93979ad4eb6abbde2ab2ebd3c9fa770210df3bb6558e3f7a159bdd9949b4ad99516f5cfc0ca8cf9e7d676532e121ace763f93c75a29920f6
- SSDEEP
  
  1572864:M8HY/NTvJZTku0IlhbnPtgmFhDzOf9tqlSc3odOC:JITvJZv0ChzNLDzOf9Q3odOC
Score

1^/10
behavioral1
- Target
  
  Solara/Solara/SolaraBootstrapper V3.exe
- Size
  
  50.4MB
- MD5
  
  0d2ded9caa35fffc0f2363e4f92e77ea
- SHA1
  
  9c765027a132495825d5bb5256ffbbd597371a63
- SHA256
  
  56b2926a2b7660cd8508a4913246eb49546b0ff084b4bfbfe0f399083edf8758
- SHA512
  
  f8770ed852de3b50fb751943ceeaec09345bb552d6debe8423e575e12db51083b8bf7816aa9438c61d238b5a3ffd39f367a1ca7705143abc82a084c9aae22cf4
- SSDEEP
  
  1572864:3eKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKe:3eKKKKKKKKKKKKKKKKKKKKKKKKKKKKK5
Score

10^/10

discovery
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral2
- Target
  
  $TEMP/Click
- Size
  
  12KB
- MD5
  
  39a7afcc988e24e5648f26332e6503cf
- SHA1
  
  41ab3d6552399bfb8713700f042db71e2bb5f5df
- SHA256
  
  9894e29de2f116ad5ee0143c3b4ac7ae118299458dceb76ed6443c14ca8c8d5b
- SHA512
  
  4ce359020669bc5d62e0f47e1ff7fcbaac7fb10d6fc298197411178535a64b7a81729d5a2eee386d29e6950866674824b46cf98b93bb4391d6c827ff120a7c77
- SSDEEP
  
  384:8JtnsdOcQYdwF8GQ1hwJs4Ii6pCvhiRPJ:8Jyo7y+bWEARPJ
Score

1^/10
behavioral3
- Target
  
  $TEMP/Coin
- Size
  
  86KB
- MD5
  
  9926cf3b9c9b05884d1d022919c17aca
- SHA1
  
  8ef3e60410b210f5ae2f8cb008602110a220651c
- SHA256
  
  3e83dd85db8c054f8fa5d9330968e33f1bf4a10d9285f7f353068a973d2a2646
- SHA512
  
  4bed587c22d3fb29d8c0836677eb293e1cb3fed7b9d19d0fc85c7cafdba6bd76799d6ccc0d1fce3517c5c533fc9d8ce0f027225a6f04a14fafb0fb7a2835e7b2
- SSDEEP
  
  1536:bK2qoKAAgv6ix8Z9101PvBuVTBv0+f95EmZOFBOQpUqxHt3wPdLfAC3dn/oF+iCz:b7qoK9qnxm2t5ABv0qEmIFAQpUqtt3c3
Score

1^/10
behavioral4
- Target
  
  $TEMP/Handjobs
- Size
  
  872KB
- MD5
  
  7966e30c5c82f7516319c29973734b33
- SHA1
  
  b786aae4860d43b4c97d5a9e5fba0e385fdb609c
- SHA256
  
  a0a2df0b6726bd2c6bda8fc38114fe92b32eec1c3d621fcb7b2938ca2368b438
- SHA512
  
  714b5b9dfb9fdfc12f9f95f225aab16184c1f128267d2070b3e2f54663c1d5a31fbe6988ff9437d383352150d740d9e6d47794a95d4d1320f92a71870a85f356
- SSDEEP
  
  12288:dpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:dT3E53Myyzl0hMf1tr7Caw8M01
Score

1^/10
behavioral5
- Target
  
  $TEMP/Heritage
- Size
  
  285B
- MD5
  
  351b69558c552ab23429a11666b16ea7
- SHA1
  
  a822afdcb6cbfbbdb5c9e60e1a09fb7fd0133f0e
- SHA256
  
  81236e3f98b03472879e0f5ecf67bf0e288b23ad1c3c15ee2bb2c2d4d48714c1
- SHA512
  
  c6fbbb22c909f66e1d204ea88e79e37cce4079f5d2d60846a2f9dff56afc5c51324ef72f4c6184f9de60236437c9dd086596355c937e54195dfa444d7c21503e
Score

1^/10
behavioral6
- Target
  
  $TEMP/Milfhunter
- Size
  
  50KB
- MD5
  
  f6ee6b9074e03f4a44bd5d5d18008ffa
- SHA1
  
  3fd0678c0ff417bb8fe22f45c3e8b0042a9b801c
- SHA256
  
  44736ae60d9770901e7f75ab6981ba0aa19e0e1112dfbf0fbec18b93e8c8dc59
- SHA512
  
  173270b615af216b398699772374dafe94fbcd3e455ae7aaf6689fa4b4944ad7d0a66eaeae24ee822d055109732d7b37286acf154bd070556dab8705b5705d45
- SSDEEP
  
  1536:dDzZ5n/3LL6mp7anWjQR20o5qVZxXPlHWPA:NzKqa8C20o5Wf/IPA
Score

1^/10
behavioral7
- Target
  
  $TEMP/Monte
- Size
  
  56KB
- MD5
  
  a9918a54367c2e47cb76a5b2818aaf3b
- SHA1
  
  7135fa3f5bfce8d0787235aa27d6ffefe67fd88f
- SHA256
  
  f8fd8c3de07b2334b53eccbd8adda06ac64092e16077d5f6dfbc820ede0b2b09
- SHA512
  
  f694492a14ba5064879eca217477eb31d5cb651cb14d0aa9239773ab28b690362b1f69bc7c2b6059fa821e2d4a45aae259cbd0dd635212b97c1b1704c6f861a3
- SSDEEP
  
  1536:ix+Wlu/K6jA6Sx65bHgLd1t7HWCnuyfnX:iB0i60naHqbt7HWCj/X
Score

1^/10
behavioral8
- Target
  
  $TEMP/Operator
- Size
  
  72KB
- MD5
  
  21cd8ab9ea9095ade512fc894378569d
- SHA1
  
  9200bdf2699000475b3a856e91452772f5ef6218
- SHA256
  
  86afa7f20a0899d5e1ab11d0dc8d4d74650cbe29cfe5668e17e96eb10f04a49a
- SHA512
  
  b71953d05599fedde33ff5b3c3fe1b56aa605a17fdcf13a8d69c09cdb3f2a31eaa39e20d10a0bbd787b3051caf41e55e638da8c859623d571ea46b5fdd0f0147
- SSDEEP
  
  1536:MT/vHEP5oIRnk7bDbbn72fF9VuIhNmnU0ETFP5j1nH2zgDnBCuF:cUP54DbMFKnfGF3WzCBCa
Score

1^/10
behavioral9
- Target
  
  $TEMP/Player
- Size
  
  79KB
- MD5
  
  82383a3fe45670303a943f51103ee9a7
- SHA1
  
  1878d4fac7a1220357e7a36c0ce0995bfe0c7566
- SHA256
  
  e4d90c5ec872a65e8049346798654ad0d8e54f1accfe042e0e0af150a2de65d2
- SHA512
  
  da56dac2ad54cdc9c94d9f0265bfdbd7ef81cb38607954d579451f28ea165fa5ed6de91d3a5608ea51c677b0bf4d8dec9518ae06b3f3c385d710562762744f7d
- SSDEEP
  
  1536:BCyF5pP/26wtVlyBhdTfHbJ59X/Nb5G4MvcRFOd1DxntXPaD/3ntz+hVyy4M:BCa5p26eVlyTNH51b3dC1tSz0hVyyN
Score

1^/10
behavioral10
- Target
  
  $TEMP/Punishment
- Size
  
  62KB
- MD5
  
  a243e0271481a4b08652c64530c60053
- SHA1
  
  e366193c2fe31a282ffe04b11dbe539667a683c8
- SHA256
  
  3496e6f89a269fd0820d18badf467d293ea16cb58b8e4d6d4d2b7ea7dabcc34c
- SHA512
  
  f9ee6066f4c6a58681e6a56a62b43e43d86d9b97a6b96a3e59371fb5871ea07ee4b2657fdfdaba519a3e8218e2f3427cdbb8f4190bd3dd421ea1dd044346c7a5
- SSDEEP
  
  1536:BOdqA7WHQtQhxOdd1wobvc31teH1TQHHpVXcUrxX4pft58KJE0:8dN0W0O/1Fbvc3M1eHTXxtuXE0
Score

1^/10
behavioral11
- Target
  
  $TEMP/Reggae
- Size
  
  59KB
- MD5
  
  7bbaba3c68920b935963292b8cf3c99e
- SHA1
  
  663647cb4ce3ca680380f950b0e0755dbc5691c1
- SHA256
  
  41adfd84674f5954e04010b779f490da3ebed5bef926b45d5aa636599328dea9
- SHA512
  
  8f6ae4124d0581decf445ed3a129689dad7ef0adb21de34479644e52751c5b72e39591c69c464a861ed1d8e5f6c994298c83d153aa7b75c3437086436dbf9b9c
- SSDEEP
  
  1536:HLAOdgtmCfyAUYqqjZTIkxYnRf2jbQSOMrHEHxVJp5iIbSA2V:HZJCKVYTbxYIj8S3axVJyIbKV
Score

1^/10
behavioral12
- Target
  
  $TEMP/Relative
- Size
  
  56KB
- MD5
  
  efdfded40eddf0af6c5142a74073803a
- SHA1
  
  0c1ffbc7387d99b717d96fa343b7582c9092883f
- SHA256
  
  051bdf3bc1d0d6ea55002f1ef948d7d98030e27fab7eedd490fea599e88fe999
- SHA512
  
  96b854778150823e06f3c716ac940c68ad043738cc26e9463954b762f4a997493622d95011aab30624a3fafbe963957dad5523a36032971d2bfb2d71dd1d61f2
- SSDEEP
  
  1536:KiENJ5w6DEop70c1Amvfw1wuHjh+tii8MzvX0xya:CTw6Q20AfuHd+Foxya
Score

1^/10
behavioral13
- Target
  
  $TEMP/Ross
- Size
  
  266B
- MD5
  
  d7bb8ffb5e16dc8c0f769202fc2a1048
- SHA1
  
  83f20d171f03fd1cbc2a17a215455ce9e112af6a
- SHA256
  
  16ec82da6adbd96ef332315c570ff4bf99dd3b232f182bce734cdac3224fe6d9
- SHA512
  
  edeb64536dba72a2dbb3ab69f067233f702940eab6e7728f48f594ce5aefec71eaaddc5bed17dc1d103ebba4c132f20c680b7bd2883f7fced9e3c0a1a0380111
Score

1^/10
behavioral14
- Target
  
  $TEMP/Satisfactory
- Size
  
  55KB
- MD5
  
  281281a1c53bc3906cc43075b3420d6f
- SHA1
  
  7284273b4b646c74032b93acac207d0021e7df68
- SHA256
  
  b646819d1c4897739acfa72f13bcf60f416557f7c193e5212d3ea246b0a4d723
- SHA512
  
  4165133069defc9c75be9262b7275a4bdda6d660cf060de3577c69321654186b517a21d31266959f8e456d2738d5bbbf0616f333ca7280af83036f02e0261226
- SSDEEP
  
  1536:/Vy/pUeQkZTQXW/ScEbnDjwQG375B69etk42GRim0pP:Q/V3QmibXW7b6Utk4Pz0pP
Score

1^/10
behavioral15
- Target
  
  Solara/Solara/autoexec/test.lua
- Size
  
  34B
- MD5
  
  f051c998ef025a1ccd4f6f7abe16e55e
- SHA1
  
  2e75e1237531ae3c0647c0fad7cf6ae1687d0e99
- SHA256
  
  601c187ff3410f7c71258bd29c0e48a9f40a046a745093f71e7172decf0f0eae
- SHA512
  
  748cb431b3a2208c07187c80a3c5b5174b2c536fb056e7b48646875cbd4392225da4aaaaf376f16ca79ab854245e7638cf02103f0913abff55e005da482d498a
Score

3^/10
behavioral16
- Target
  
  Solara/Solara/autoexec/test2.lua
- Size
  
  11B
- MD5
  
  701bf4a4743e5e0361e26999881a5ce9
- SHA1
  
  f34d33bcb5c13eae1c15faddc6054e479f74aa28
- SHA256
  
  c2d0a5e0790d97a015387a995c0d0b5eb3e88138466586fc980787c9b1731eb8
- SHA512
  
  8c0eedc5dca108eb9682239164cba3c70ba4c12e4520a9bdfa8efce0416ce51534fcea2ef4dcd7ea2dfc684358a064233165b0bda5287892de2014a1f2b21c6f
Score

3^/10
behavioral17
- Target
  
  Solara/Solara/workspace/.tests/appendfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

3^/10
behavioral18
- Target
  
  Solara/Solara/workspace/.tests/getcustomasset.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

3^/10
behavioral19
- Target
  
  Solara/Solara/workspace/.tests/isfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

3^/10
behavioral20
- Target
  
  Solara/Solara/workspace/.tests/listfiles/test_1.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

3^/10
behavioral21
- Target
  
  Solara/Solara/workspace/.tests/listfiles/test_2.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

3^/10
behavioral22
- Target
  
  Solara/Solara/workspace/.tests/loadfile.txt
- Size
  
  1B
- MD5
  
  8fa14cdd754f91cc6554c9e71929cce7
- SHA1
  
  4a0a19218e082a343a1b17e5333409af9d98f0f5
- SHA256
  
  252f10c83610ebca1a059c0bae8255eba2f95be4d1d7bcfa89d7248a82d9f111
- SHA512
  
  711c22448e721e5491d8245b49425aa861f1fc4a15287f0735e203799b65cffec50b5abd0fddd91cd643aeb3b530d48f05e258e7e230a94ed5025c1387bb4e1b
Score

3^/10
behavioral23
- Target
  
  Solara/Solara/workspace/.tests/readfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

3^/10
behavioral24
- Target
  
  Solara/Solara/workspace/.tests/writefile
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral25
- Target
  
  Solara/Solara/workspace/.tests/writefile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

3^/10
behavioral26
- Target
  
  Solara/Solara/workspace/EzHubLL.txt
- Size
  
  2B
- MD5
  
  99914b932bd37a50b983c5e7c90ae93b
- SHA1
  
  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
- SHA256
  
  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
- SHA512
  
  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
Score

3^/10
behavioral27
- Target
  
  Solara/Solara/workspace/IY_FE.iy
- Size
  
  539B
- MD5
  
  291d5636a434c4f1ceb0f3f776c2a51f
- SHA1
  
  ae287e08f71c522a72812f0dace94b8ffb569341
- SHA256
  
  73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452
- SHA512
  
  7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743
Score

3^/10
behavioral28
- Target
  
  Solara/Solara/workspace/Sky Hub/Sky Hub Settings.json
- Size
  
  52B
- MD5
  
  9a42aefba1beca2d4816e37142fa22db
- SHA1
  
  387384c567a5bd1ca99568c43315ea39bdaec1e0
- SHA256
  
  37dd2675939dcf754c08d0a3776908fc7c996849839dcba037848a943f33240b
- SHA512
  
  77ed2aeab7c10507e74c8001cbafe883d4a308cc3686d0edcf8925db54f00e45337b9ebd7d19c83129cebda0e0eaa9d01a0f5474d0639b6cab5659cfedb80a9b
Score

3^/10
behavioral29

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Executes dropped EXE

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29