7953e72cb972278e947c83c6a8bdcba35c7f2225566dd1b4fff686077cace832 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

SolaraV3.dll

windows7-x64

9

SolaraV3.dll

windows10-2004-x64

9

Resubmissions

11/08/2024, 19:58

240811-ypwc3azbkb 9

Sharing

Copy URL Twitter E-mail

General

Target

SolaraV3.dll
Size

6.4MB
Sample

240811-ypwc3azbkb
MD5

00d1ec7ef2ab88125ce0bd43a3f62d33
SHA1

fde302f1421b94ae4b9e3aaa4cd4d65bcda40789
SHA256

7953e72cb972278e947c83c6a8bdcba35c7f2225566dd1b4fff686077cace832
SHA512

f56086204dc52a44ab35906a2c55dfe3d2418f8034e51664bcdefe44dd7b16a39d8f87dc0650f6e7e5f9d69ef88e1d4826bf2050cc69ecefd01d9bb958b4e8c6
SSDEEP

196608:SGMIUWMIaAKFHsairmB8tm/+YTN5uyezSnC+v3uBg:TRd4qairmBy0+eQyWR+vgg

Score

9^/10

discovery evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

SolaraV3.dll

Resource

win7-20240704-en

discovery evasion themida trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

SolaraV3.dll

Resource

win10v2004-20240802-en

evasion themida trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  SolaraV3.dll
- Size
  
  6.4MB
- MD5
  
  00d1ec7ef2ab88125ce0bd43a3f62d33
- SHA1
  
  fde302f1421b94ae4b9e3aaa4cd4d65bcda40789
- SHA256
  
  7953e72cb972278e947c83c6a8bdcba35c7f2225566dd1b4fff686077cace832
- SHA512
  
  f56086204dc52a44ab35906a2c55dfe3d2418f8034e51664bcdefe44dd7b16a39d8f87dc0650f6e7e5f9d69ef88e1d4826bf2050cc69ecefd01d9bb958b4e8c6
- SSDEEP
  
  196608:SGMIUWMIaAKFHsairmB8tm/+YTN5uyezSnC+v3uBg:TRd4qairmBy0+eQyWR+vgg
Score

9^/10

discovery evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2025

Terms | Privacy