General

  • Target

    SolaraV3 By SphinxR7_.rar

  • Size

    226KB

  • Sample

    240814-n736hswblp

  • MD5

    9033899dcc4891b2cf80b9d5761f041e

  • SHA1

    dd8da750d2c1e6c3709c32bd16340d394a5e501b

  • SHA256

    5a5e5612e7749bb9d45615c82eb667ccb796cc6442b0e6a357b1f642ae483393

  • SHA512

    8875b4c24b5566b640876621454f5c15896a8a28c0356867c3c47e70da73b29f0d16780092dee81fdd676027cab9c5caece73db35f758a37b224cec3c654c647

  • SSDEEP

    3072:o0+JJDZPgC1gDWabPLmkjYmH8bFRN6AFwzyRua2BNjFTqG3+8Zh/6hGzQF0LoMkT:S3cbR8G8hz9eYyfR3JDcF0EMkhFCL2n

Malware Config

Targets

    • Target

      SolaraV3 By SphinxR7_.rar

    • Size

      226KB

    • MD5

      9033899dcc4891b2cf80b9d5761f041e

    • SHA1

      dd8da750d2c1e6c3709c32bd16340d394a5e501b

    • SHA256

      5a5e5612e7749bb9d45615c82eb667ccb796cc6442b0e6a357b1f642ae483393

    • SHA512

      8875b4c24b5566b640876621454f5c15896a8a28c0356867c3c47e70da73b29f0d16780092dee81fdd676027cab9c5caece73db35f758a37b224cec3c654c647

    • SSDEEP

      3072:o0+JJDZPgC1gDWabPLmkjYmH8bFRN6AFwzyRua2BNjFTqG3+8Zh/6hGzQF0LoMkT:S3cbR8G8hz9eYyfR3JDcF0EMkhFCL2n

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Blocklisted process makes network request

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      SolaraV3 By SphinxR7.rar

    • Size

      226KB

    • MD5

      24bc4c6b8f93c18285745957f55e3c46

    • SHA1

      684886cabdfffa2549b88bb0aa05ca3e70cd9d33

    • SHA256

      b98c7ca3318bc2ab8cc02b0d92771a678652846a9c0cc1c986bbebb5a38dd557

    • SHA512

      812d94e06077df485861499e803db19dc4c1c5dd62a8e0436a6be64cc4fd429d28eeedb609c513e4f2e3d68cdcbeba3ea5a02e8ae4f5c1dface91e3e9698a9e2

    • SSDEEP

      3072:b0+JJDZPgC1gDWabPLmkjYmH8bFRN6AFwzyRua2BNjFTqG3+8Zh/6hGzQF0LoMk8:x3cbR8G8hz9eYyfR3JDcF0EMkhFCL2Y

    • Score

      3/10
    • Target

      الباسورد.txt

    • Size

      67B

    • MD5

      6bfb3bc72f5344dce0b27f91d7c6f236

    • SHA1

      04d04b9e5b144456e4ba111eab2ac61a52829b10

    • SHA256

      742fd904c7ae8b51db42b0733ca326bcb5814bafb1a2b2587f08182fa244923e

    • SHA512

      112c6e4ff48d8a9b79f74b809e98c19ea745ecbcc656693acd2563b9fdc60caa71dd7ee79680505e24a6ab23a658888afb997cb8d161c51a2c850d273507790e

    • Score

      1/10
    • Target

      الباسورد.txt

    • Size

      67B

    • MD5

      6bfb3bc72f5344dce0b27f91d7c6f236

    • SHA1

      04d04b9e5b144456e4ba111eab2ac61a52829b10

    • SHA256

      742fd904c7ae8b51db42b0733ca326bcb5814bafb1a2b2587f08182fa244923e

    • SHA512

      112c6e4ff48d8a9b79f74b809e98c19ea745ecbcc656693acd2563b9fdc60caa71dd7ee79680505e24a6ab23a658888afb997cb8d161c51a2c850d273507790e

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks