redline | 745f38f0dd92b5c696a25a2772a46296c12d2535283ae8237abb4b6dbd976da4 | Triage

Submit
Reports

Overview

overview

Static

static

SOLarVA.exe

windows7-x64

9

SOLarVA.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

SOLarVA.exe
Size

4.7MB
Sample

240814-wd1saszfjr
MD5

ddc63bd70b3637c33136be3ad66ed1e1
SHA1

28e5f36693efdd05fc65cef804d4c865c339e939
SHA256

745f38f0dd92b5c696a25a2772a46296c12d2535283ae8237abb4b6dbd976da4
SHA512

0e1cb64749540593042f0cdd7775ac470e61325300a7de8612a9a868fd407940182fb1163cfb6993f8cd3332fca7dcfd8b039dbab5f7a87c0a5354d4c1aa87d0
SSDEEP

98304:wghHWE2yxi5CwaMu/tGvA7MO9P/NK3+x8oncGGT:w8WEflwFu/tGYgOZ/NoO8C

Score

10^/10

redline discovery evasion themida trojan

Static task

static1

themida redline

2 signatures

Behavioral task

behavioral1

Sample

SOLarVA.exe

Resource

win7-20240708-en

discovery evasion themida trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

SOLarVA.exe

Resource

win10v2004-20240802-en

discovery evasion themida trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  SOLarVA.exe
- Size
  
  4.7MB
- MD5
  
  ddc63bd70b3637c33136be3ad66ed1e1
- SHA1
  
  28e5f36693efdd05fc65cef804d4c865c339e939
- SHA256
  
  745f38f0dd92b5c696a25a2772a46296c12d2535283ae8237abb4b6dbd976da4
- SHA512
  
  0e1cb64749540593042f0cdd7775ac470e61325300a7de8612a9a868fd407940182fb1163cfb6993f8cd3332fca7dcfd8b039dbab5f7a87c0a5354d4c1aa87d0
- SSDEEP
  
  98304:wghHWE2yxi5CwaMu/tGvA7MO9P/NK3+x8oncGGT:w8WEflwFu/tGYgOZ/NoO8C
Score

9^/10

discovery evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionthemidatrojan

behavioral2

discoveryevasionthemidatrojan

© 2018-2025

Terms | Privacy