Overview

overview

10

Static

static

10

SolaraBootsrapper.exe

windows7-x64

7

SolaraBootsrapper.exe

windows10-2004-x64

9

main.pyc

windows7-x64

3

main.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SolaraBootsrapper.exe

  • Size

    21.8MB

  • Sample

    240831-z4w4kswcmf

  • MD5

    40f347ccffb84f8fe97201dc63f18cbc

  • SHA1

    24d9353377a27d3b03ccc09c1ee595979d4667d2

  • SHA256

    faa8a6c4c3649d6bca89270696b68fe6b0f20237ae5e2f0749913151779e02a3

  • SHA512

    07208d2e002eaa3496164facfe9f0f1c4f6e1b8c2e7d76754ebf2e6cb2d978b74b3a7081afa063c636788e29881e9c4973c289aa9085ce3d7015cc1ed2f89c46

  • SSDEEP

    393216:fqPnLFXlrFWo7n0jcwQ8DOETgsvfGQQ+gspj1SRkvE4qQFW16AO4M6m:yPLFXNFpicwQhEznLRydqW16A6

Score
10/10
empyreancredential_accessdiscoverypersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      SolaraBootsrapper.exe

    • Size

      21.8MB

    • MD5

      40f347ccffb84f8fe97201dc63f18cbc

    • SHA1

      24d9353377a27d3b03ccc09c1ee595979d4667d2

    • SHA256

      faa8a6c4c3649d6bca89270696b68fe6b0f20237ae5e2f0749913151779e02a3

    • SHA512

      07208d2e002eaa3496164facfe9f0f1c4f6e1b8c2e7d76754ebf2e6cb2d978b74b3a7081afa063c636788e29881e9c4973c289aa9085ce3d7015cc1ed2f89c46

    • SSDEEP

      393216:fqPnLFXlrFWo7n0jcwQ8DOETgsvfGQQ+gspj1SRkvE4qQFW16AO4M6m:yPLFXNFpicwQhEznLRydqW16A6

    Score
    9/10
    upxcredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      d1309346ad11e3818a65a53dbd71cb92

    • SHA1

      91eaf951d5d571aeb41074db495ccd046b3f6e16

    • SHA256

      a9fa6c696b08a23f4f107ce739f59e27be04107603641da8dc06a396597af910

    • SHA512

      b0b3aab32ba4c15fe8881ff85efd4d012372bb51c4a9b81fc51ee32aec9494c14a76f248e93a635e55dd92bd5756ec4a45d7170c8e32a14a7b1cb52fdb780cc5

    • SSDEEP

      192:w6Hr2zP4laAJaD8tEWdXwTgSWLKqtCQJhw9F5MdwBJs1Cnw:twBAJqWu0hn2/5Pbw

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks