General

  • Target

    Solara.exe

  • Size

    1005KB

  • Sample

    240830-xf3v4szfrm

  • MD5

    d1a6835f7934684efb8df6b6f2d8a9df

  • SHA1

    56f4e81d4663181f139e5b7b165e41611cbcc472

  • SHA256

    2b0521e21f41e110682b1871824451a9826a4ff2f5691d4e25186b36b0294146

  • SHA512

    c9e0557c3251c7a5d805c6e4047cee99949dab9a702e4e076e4ec0d9f0969b0210f4ca29c36ea7b4e15c43a70c7c076c0718df1b72bac057b2af7f3605f5908d

  • SSDEEP

    12288:xE5dY26i2vTGY1Dg6x7L1uq2/OBPQu43D8fPVle8IoaBcHl8ANTSwAlZw:x2r2yAPC8eRBcHl8gTSHXw

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1244807698026070016/Tfzk-_b80yPKERHasgSCWK64Pdjux3P8VTHXs1cSWpKcLSUecUTjKHtLyEEhA8jsiCW-

Extracted

Family

xworm

C2

grand-herbal.gl.at.ply.gg:53590

Attributes

  • Install_directory

    %ProgramData%

  • install_file

    Windows32.exe

Targets

    • Target

      Solara.exe

    • Size

      1005KB

    • MD5

      d1a6835f7934684efb8df6b6f2d8a9df

    • SHA1

      56f4e81d4663181f139e5b7b165e41611cbcc472

    • SHA256

      2b0521e21f41e110682b1871824451a9826a4ff2f5691d4e25186b36b0294146

    • SHA512

      c9e0557c3251c7a5d805c6e4047cee99949dab9a702e4e076e4ec0d9f0969b0210f4ca29c36ea7b4e15c43a70c7c076c0718df1b72bac057b2af7f3605f5908d

    • SSDEEP

      12288:xE5dY26i2vTGY1Dg6x7L1uq2/OBPQu43D8fPVle8IoaBcHl8ANTSwAlZw:x2r2yAPC8eRBcHl8gTSHXw

    • 44Caliber

      An open-source infostealer written in C#.

    • Detect Xworm Payload

    • Modifies WinLogon for persistence

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks