6bd0d676ab04b9918aa310d916686576eb7f81c321103dd5de3a74fd4612e489

Sharing

Copy URL

Twitter E-mail

General

Target

SOLARA soluciones.rar
Size

114.4MB
Sample

240908-p7fwnazbnh
MD5

695064c2f7dd1d1e176d8c495768b3f6
SHA1

b836ba95ff94779106d62ffc0bc0cbf11a0b240a
SHA256

6bd0d676ab04b9918aa310d916686576eb7f81c321103dd5de3a74fd4612e489
SHA512

c2191a1f2910d259458b5a99291a5d85de300695c930ce2164aec5e8dab41ba39a43de6b358c06d3037f40aeb598bcee9fb2c3bf4b3bb0707ae9d846752a6c09
SSDEEP

3145728:IRlHTKMe16Rd/ZzVufef6lNumI+I70EG5MB6Ld:I3KMe8R3VwVlxILg5MMLd

Score

7^/10

Malware Config

Targets

- Target
  
  SOLARA soluciones/Desactivar Windows Defender/Defender_Settings.vbs
- Size
  
  313B
- MD5
  
  b0bf0a477bcca312021177572311e666
- SHA1
  
  ea77332d7779938ae8e92ad35d6dea4f4be37a92
- SHA256
  
  af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9
- SHA512
  
  09366608f2670d2eb0e8ddcacd081a7b2d7b680c4cdd02494d08821dbdf17595b30e88f6ce0888591592e7caa422414a895846a268fd63e8243074972c9f52d8
Score

1^/10
behavioral1 behavioral2
- Target
  
  SOLARA soluciones/Desactivar Windows Defender/dControl.exe
- Size
  
  447KB
- MD5
  
  58008524a6473bdf86c1040a9a9e39c3
- SHA1
  
  cb704d2e8df80fd3500a5b817966dc262d80ddb8
- SHA256
  
  1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
- SHA512
  
  8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31
- SSDEEP
  
  6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral3 behavioral4
- Target
  
  SOLARA soluciones/Microsoft Visual C++ 32bit C++ 64Bit.exe
- Size
  
  24.2MB
- MD5
  
  a8a68bcc74b5022467f12587baf1ef93
- SHA1
  
  046f00c519900fcbf2e6e955fc155b11156a733b
- SHA256
  
  1ad7988c17663cc742b01bef1a6df2ed1741173009579ad50a94434e54f56073
- SHA512
  
  70a05bde549e5a973397cd77fe0c6380807cae768aa98454830f321a0de64bd0da30f31615ae6b4d9f0d244483a571e46024cf51b20fe813a6304a74bd8c0cc2
- SSDEEP
  
  393216:Dwlp+dkBSuF2SfUfn6+eDl2ugjMoA+hxV33wsBH+Jh+5l+BvlOchteAHYhx9vy:DMp+Ty2SfUfnxk/kpsjlOchcEu2
Score

4^/10

discovery
behavioral5 behavioral6
- Target
  
  SOLARA soluciones/Microsoft Visual C++ 32bit.exe
- Size
  
  13.2MB
- MD5
  
  9882a328c8414274555845fa6b542d1e
- SHA1
  
  ab4a97610b127d68c45311deabfbcd8aa7066f4b
- SHA256
  
  510fc8c2112e2bc544fb29a72191eabcc68d3a5a7468d35d7694493bc8593a79
- SHA512
  
  c08d1aa7e6e6215a0cee2793592b65668066c8c984b26675d2b8c09bc7fee21411cb3c0a905eaee7a48e7a47535fa777de21eeb07c78bca7bf3d7bb17192acf2
- SSDEEP
  
  196608:oRjgvJ2flpQcIIS/Rj7BWl+aV8t8z72BxBwBgO42BE6+2DQlMp1sHW5ZDmCCM0Xr:IgRIlptVYmfr7yBG/4pXMHsHW76CsGE
Score

4^/10

discovery
behavioral7 behavioral8
- Target
  
  SOLARA soluciones/MicrosoftEdgeWebview2Setup.exe
- Size
  
  1.6MB
- MD5
  
  8b9812ba27e12c79319d859e97955ca4
- SHA1
  
  3cb35ac811c27e7b21b381dccab55517609190c3
- SHA256
  
  a63d59b2af0c7b2be6984280386042a230dab928e3b426d51a0afb2eff5f98e9
- SHA512
  
  8312081fcca20f1d8d393ea2588c2fd19830eb9b36700ec8bc541cd25c4c2046008f3eec07883056956adae5c56083d43ded74d3122d21555d1e43a9d1ab5618
- SSDEEP
  
  24576:o9ye32wIdWoAH+miAQoCZoWf4fh29ht/5iqSxulBbxAl/f1scgIDnzMwdF9fZ4T+:Qye32wIuAAQZKwEqbBe1scgID7fZcZJ
Score

6^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral10 behavioral9
- Target
  
  SOLARA soluciones/node-v20.12.2-x64.msi
- Size
  
  25.3MB
- MD5
  
  0df081aa47e7159e585488a161a97466
- SHA1
  
  2dc9a592dbb208624aff11a57f97bea89a315973
- SHA256
  
  20c578361911d7b0cf153b293b025970eca383a2c802e0df438ac254aaca165d
- SHA512
  
  2e1b58add6a714281f2ddeb936069c0eb8ce24ae2e440941379c4273afd7f1a96b162d5b88211e8678804bad652e48c99a4993e0e0d0da4d1abd7550d397e836
- SSDEEP
  
  786432:wv0BuexnRXpx/JvPXYbt29ONMpUvcOoVclcx+DB0f9U8:HBuexnRZ/ytnNjoVcak0C
Score

6^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral11 behavioral12
- Target
  
  SOLARA soluciones/windowsdesktop-runtime-6.0.28-win-x64.exe
- Size
  
  54.8MB
- MD5
  
  dcb67d9bd74c6c8cb2d46c73e8d927f1
- SHA1
  
  31a3e538e83715271e0738ebe626772783eb558d
- SHA256
  
  cd16597df1d73eedd1f3d9b1247a98123c47a414365bb71a541b27f1b411b74b
- SHA512
  
  984ff5f50f0b59e1edde0926858ac63a5605ea9f2c3e55bdb4fe81aaa805f033a70e43474858187c0c3e7358d4dd9b06b8aea1fd1b15dd0d0c3fc9c1d20cbdaa
- SSDEEP
  
  1572864:rFt0Figp+hmLQ7bHoeBf/J98a9/SOk61PoDle8a:rFt08HhmM/H5f8KG61AD4/
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral13 behavioral14