Resubmissions

19-08-2024 08:20

240819-j8h5hstblh 10

19-08-2024 08:18

240819-j7arrawgqm 10

19-08-2024 08:16

240819-j594tstamb 10

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-08-2024 08:18

General

  • Target

    Solara.exe

  • Size

    81.2MB

  • MD5

    10d3cf93e2763c12e2cb1861157bd11c

  • SHA1

    3a2995e034de83a7a2007809d62898ff361135f8

  • SHA256

    9edec2d7604cd19e991c680524d372e23b6a56452b2c93b7a9ef45bbedaf47c6

  • SHA512

    c2ef4c4f63f5f47201daa7f9db8923e125297a86bbf93e8f355587a8c8febca60e689bb483de496441cc1d0ac6e65067c9eae696d6e575b4b32e21915e6ca5d4

  • SSDEEP

    1572864:YvxZQglPWjg7vaSk8IpG7V+VPhqHDE7jblgA7iYgj+h58sMw2IrD2:YvxZx9heSkB05awHaeA151

Malware Config

Signatures

  • Enumerates VirtualBox DLL files 2 TTPs 2 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that later-dropped components are not scanned.

  • Sets file to hidden 1 TTPs 1 IoCs

    Modifies file attributes (hidden flag) so the file is not shown in Explorer and default directory listings.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 64 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information (installed browsers and their profile data).

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
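The signature list above is what the sandbox matched; the following is an added hunting example, not part of the report and not code from the sample, that turns the most actionable signatures (Defender exclusions added via PowerShell, the Run key, the hidden attribute, taskkill, and probing for VirtualBox guest DLLs) into rules run over constructed Sysmon-style event records. The event field names (`event_type`, `image`, `command_line`, `target`), every path and SID in the sample events, and the VirtualBox DLL name list are assumptions for illustration; they are not artifacts of this Solara.exe run.

```python
"""Hunt for the behaviours listed in the sandbox report's Signatures section.

Added example (not part of the report or the Solara.exe sample). The event
records below are constructed to resemble Sysmon-style process, registry and
file events and are NOT from the analysed run. Field names and the VirtualBox
DLL names are assumptions.
"""
import re
from typing import Dict, List, Tuple

Event = Dict[str, str]

# "Command and Scripting Interpreter: PowerShell": Add-/Set-MpPreference with
# any of the three exclusion switches, case-insensitive, in any order.
DEFENDER_EXCLUSION = re.compile(
    r"(?:Add|Set)-MpPreference\b[^\n]*?-Exclusion(?:Path|Extension|Process)\b",
    re.IGNORECASE,
)
# "Adds Run key to start application": a value written under Run or RunOnce.
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)
# "Sets file to hidden": attrib +h (optionally with +s) from a shell.
ATTRIB_HIDDEN = re.compile(r"\battrib(?:\.exe)?\b.*\+h\b", re.IGNORECASE)
# "Kills process with taskkill": forced or image-name based termination.
TASKKILL = re.compile(r"\btaskkill(?:\.exe)?\b.*(?:/f|/im)\b", re.IGNORECASE)
# "Enumerates VirtualBox DLL files": guest-additions DLLs commonly probed by
# anti-VM checks. This list is an assumption, not taken from the report.
VBOX_DLLS = ("vboxmrxnp.dll", "vboxhook.dll", "vboxdisp.dll", "vboxogl.dll")


def classify(event: Event) -> List[str]:
    """Return the names of every report signature this single event matches."""
    hits: List[str] = []
    kind = event.get("event_type", "")
    cmd = event.get("command_line", "")
    target = event.get("target", "")
    if kind == "process":
        if DEFENDER_EXCLUSION.search(cmd):
            hits.append("defender_exclusion_via_powershell")
        if ATTRIB_HIDDEN.search(cmd):
            hits.append("sets_file_hidden")
        if TASKKILL.search(cmd):
            hits.append("taskkill")
    elif kind == "registry" and RUN_KEY.search(target):
        hits.append("run_key_persistence")
    elif kind == "file" and target.lower().rsplit("\\", 1)[-1] in VBOX_DLLS:
        hits.append("virtualbox_dll_probe")
    return hits


def scan(events: List[Event]) -> List[Tuple[int, str]]:
    """Run every rule over every event; returns (event index, signature) pairs."""
    return [(i, sig) for i, ev in enumerate(events) for sig in classify(ev)]


# Constructed sample events (assumed paths/SID; not from the analysed run).
SAMPLE_EVENTS: List[Event] = [
    {"event_type": "process", "image": r"C:\Users\user\Desktop\Solara.exe",
     "command_line": r'"C:\Users\user\Desktop\Solara.exe"'},
    {"event_type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell -WindowStyle Hidden -Command Add-MpPreference "
                     r"-ExclusionPath 'C:\Users\user\AppData\Roaming' "
                     r"-ExclusionExtension '.exe' -ExclusionProcess 'Solara.exe'"},
    {"event_type": "process", "image": r"C:\Windows\System32\attrib.exe",
     "command_line": r"attrib +h +s C:\Users\user\AppData\Roaming\svc\update.exe"},
    {"event_type": "registry", "image": r"C:\Users\user\AppData\Roaming\svc\update.exe",
     "target": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"event_type": "file", "image": r"C:\Users\user\AppData\Roaming\svc\update.exe",
     "target": r"C:\Windows\System32\vboxmrxnp.dll"},
    {"event_type": "process", "image": r"C:\Windows\System32\taskkill.exe",
     "command_line": r"taskkill /F /IM chrome.exe"},
    {"event_type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd /c echo benign"},
]

if __name__ == "__main__":
    for idx, sig in scan(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"event {idx}: {sig:36} {ev.get('image')}")
```

The rules are deliberately narrow (explicit cmdlet and switch names, exact DLL basenames) so they can be dropped into a SIEM search with few false positives; a Defender exclusion added through the registry or WMI rather than `Add-MpPreference` would need a separate rule, and the sample's in-process `SetFileAttributes` call is only visible through file-attribute telemetry, not the `attrib` command line matched here.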