General
Target: solarabootstrapper.exe
Size: 76.8MB
Sample: 240817-rmtm5asgqn
MD5: b7f83513f7aa52686aa77304c3721e2b
SHA1: 4d9d605eee2a6867915f77c3e9103d16d41ad1c8
SHA256: 6ff56cb13fd1d91d0ed8f8adb28dee646cc8a3718da288b1ee7854514f02e84a
SHA512: b3135e41397d31423869efc0c2386c61ec11b896fa1d2a37334fe19dc830a66d088b2d6f9dae1637b309c0d13eea309b85fd1098a63be1bb892546170c2ad71e
SSDEEP: 1572864:UvHcRlKW4h7vXSk8IpG7V+VPhqYdfME7tlHegiYweyJulZUdg+harFfEpV37U:UvHcRYvhTSkB05awcfLdMpuyhar5Wo
Behavioral task: behavioral1
Sample: solarabootstrapper.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: solarabootstrapper.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Score: 9/10
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2