Overview
overview
10Static
static
3Solara.zip
windows10-2004-x64
10Solara/Sol...on.dll
windows10-2004-x64
1Solara/Sol...er.dll
windows10-2004-x64
1Solara/Sol...ce.dll
windows10-2004-x64
1Solara/Sol...ce.dll
windows10-2004-x64
1Solara/Sol...ra.exe
windows10-2004-x64
10Solara/Sol...pl.dll
windows10-2004-x64
1Solara/Sol...rn.dll
windows10-2004-x64
1Solara/Sol...fg.dll
windows10-2004-x64
1General
-
Target
Solara.zip
-
Size
14.9MB
-
Sample
240830-j4kgsatfrf
-
MD5
23fa82e27232128a195e621a69bd88a7
-
SHA1
b2d66dba43d8c5415c44f47687f0d4823f16326b
-
SHA256
a281f5e7c6754fc54b941696d4f6cbe7fccbbf72a4978b13997f65961f0da53a
-
SHA512
b9dc0285bafac82de59b727f4ac352e98b00101b4f32e1b1db753e0ceb0e535469f9a6845ac8c84c7ecbd683f99cfa615dfe35441ca0c70b5b5ba6270e84ec97
-
SSDEEP
393216:9AUFhD0H/KYTb+ipl5PdX3qg08I1k2hLeRr8mWd5:9As8KOb+ipx332WcywmK5
Static task
static1
Behavioral task
behavioral1
Sample
Solara.zip
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
Solara/Solara/Debug/Addition.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Solara/Solara/Debug/Helper.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
Solara/Solara/Debug/Resource.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Solara/Solara/Packaged/Resource.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral6
Sample
Solara/Solara/Solara.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
Solara/Solara/accessibilitycpl.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral8
Sample
Solara/Solara/oleprn.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
Solara/Solara/wwancfg.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
rhadamanthys
https://144.76.133.166:8034/5502b8a765a7d7349/k5851jfq.guti6
Targets
-
-
Target
Solara.zip
-
Size
14.9MB
-
MD5
23fa82e27232128a195e621a69bd88a7
-
SHA1
b2d66dba43d8c5415c44f47687f0d4823f16326b
-
SHA256
a281f5e7c6754fc54b941696d4f6cbe7fccbbf72a4978b13997f65961f0da53a
-
SHA512
b9dc0285bafac82de59b727f4ac352e98b00101b4f32e1b1db753e0ceb0e535469f9a6845ac8c84c7ecbd683f99cfa615dfe35441ca0c70b5b5ba6270e84ec97
-
SSDEEP
393216:9AUFhD0H/KYTb+ipl5PdX3qg08I1k2hLeRr8mWd5:9As8KOb+ipx332WcywmK5
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
Solara/Solara/Debug/Addition.dll
-
Size
30KB
-
MD5
f22e849a370cdf127f48beab596bdd81
-
SHA1
fb1da47c7a246f2cda7f7686a468efafd9933b1e
-
SHA256
8be1f5581437b6f5ba48705e8956c8bc0765bbd1d6053242640c75bd94048aa9
-
SHA512
6ded81fe4d4db69586d74fdb425c4fc8c092508e7e0b49eb141a9045abf40626d14659fa6237a3920e58571ca7acf4911cdf03c4307fd89b6dc5e54172afbc14
-
SSDEEP
768:Fol18SuOO3bBAughXjNPQsXVjWuu7jqWdTS2gS:er6tAugVjN4sXJYjqWdm2V
Score1/10 -
-
-
Target
Solara/Solara/Debug/Helper.dll
-
Size
189B
-
MD5
9bb9aba5dd893bbccfa45e2d75d55d26
-
SHA1
5714796513341ac3159a6a3c23d4769209063d35
-
SHA256
6b325cadd8992d998c4fbc8ed56079c2850b68ea2d38432d51c26ce82b0a5419
-
SHA512
f57df9a4a02bd17772acb3ac1a0d961c53f6940600b58834ae38c198a98ae651a21b382450b267aeffbca4ab262668ae471a78ed99bf9dfa414c1316056a289b
Score1/10 -
-
-
Target
Solara/Solara/Debug/Resource.dll
-
Size
10.7MB
-
MD5
641dadbb3f03938da99bf7c6c4cc482f
-
SHA1
b21bdb69a17642ade8e62fcbd779ff1bc89ea809
-
SHA256
883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479
-
SHA512
7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5
-
SSDEEP
196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP
Score1/10 -
-
-
Target
Solara/Solara/Packaged/Resource.dll
-
Size
189B
-
MD5
4427aeee68321d0f4d7befa74e669f83
-
SHA1
4670003762a1c217c9e8ea48fcc53f2871a7c341
-
SHA256
a9661f89b8d957f4e71cbe1ba0342a39e5b50a1d80d974e2e1b349a273967f1b
-
SHA512
9d9156aa8fdebf19363fed2edb82235642c8c20549369470e44fdc0db41324e2160968fd7dd43eecce1ce3da9c03dd05cdefc8d903a9d0394f5ca9a73f5c5fa3
Score1/10 -
-
-
Target
Solara/Solara/Solara.exe
-
Size
6.2MB
-
MD5
da26c67d857555aeef4f2580e53d7c6d
-
SHA1
fc39f8e1987aa7d8553b052b789a7e6b0d24a68a
-
SHA256
b9536929d0de9b4a18e7646f2ecf59aad20f93092e982be91d20143d599e6c22
-
SHA512
115ff4890967b3a00bf2e192d9e2d8717bc7525bab995ca5db7c5c7d2be6a81888ae9687f51d04d053371088e553381a7844a82433240022bccbc44b319df75d
-
SSDEEP
98304:yyjZJD+ddKUmXQ+ZQaJOV20y89y8dfWwl+ZILeXLel:yEZJD+Xe7ZQaIE0jzWwlXebel
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Suspicious use of SetThreadContext
-
-
-
Target
Solara/Solara/accessibilitycpl.dll
-
Size
274KB
-
MD5
f316026e08074300cbdcd8453bfd3116
-
SHA1
c7494558e98e42930b83349ea816963147242fba
-
SHA256
a28ef80b49f85f95f929d5c40245b05f95d58bb672764c3539ce69098db9bcc2
-
SHA512
cb205111f99cdd4ab930644dfc910f82015175c452be330dcdbee3cff3a07234bf6e77c5967a33fb02ec0bdd993b96b19964160a5511dcfa684a77508aede047
-
SSDEEP
6144:2f/fsr6htcMmmdxeAXXDoDGNIPTympgJp3P:O/fsr6hCtUxeLymW
Score1/10 -
-
-
Target
Solara/Solara/oleprn.dll
-
Size
148KB
-
MD5
e0f375597c9bc2d444be3dc6a65f06e9
-
SHA1
11589152b702675bb211054020e33f2659c34842
-
SHA256
3e595c971729c2eb7879b6ce468d11e286ea98fa8c1abf93abbc5888542013d0
-
SHA512
0299035f227cf1285d1f149c5e67805d1f8c78469fd6fefdbc4616b3f555f7f52c8addc0dc004ce9971223a48892ce0ecee316e4d5dd6583a02093b7d8d866c0
-
SSDEEP
3072:DcSblOUyLB7OCm6U0FRwOyu3tkdwdxyDhkpN0Fc:Dc+8UyLBOmrwOyVOl
Score1/10 -
-
-
Target
Solara/Solara/wwancfg.dll
-
Size
103KB
-
MD5
997b0b584ffab0b7ff9cbbfc60d60bd2
-
SHA1
2985c0144da0e9f5dcc0092ac54a5ff99a63f761
-
SHA256
c4b1f99e87b4568b5b9ff2ded05cebc55376051d44877f5574f2c125566ce604
-
SHA512
b77553b7a2f5a55ad4dfa49f241961ddce650dd490f0b15b52dfc3c7018e2ba7d28f8387e150177ea3cf12c827afa7a2b7b9eec863199a829a11311bd9607b69
-
SSDEEP
1536:IGYSem4xUPfgSD0B7+Kcdo5j0XNijwb8Pxsr8jtlelXLZpFtBH0:xYcpPfgSDWa3dJU88pNpUlXVXjH
Score1/10 -