Overview

overview

10

Static

static

3

SolaraV3.zip

windows7-x64

1

SolaraV3.zip

windows10-2004-x64

1

Boostrapper.exe

windows7-x64

1

Boostrapper.exe

windows10-2004-x64

10

Resubmissions

15/09/2024, 05:45

240915-gfqmsaybne 10

15/09/2024, 05:16

240915-fx7rysxcla 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    SolaraV3.zip

  • Size

    12.7MB

  • Sample

    240915-gfqmsaybne

  • MD5

    a1f8f2f1acfafcc43cd81617d3af83b0

  • SHA1

    0a89e30d3c7e5e06cd1aa7914df12bd2137bd6dc

  • SHA256

    b8b86e6885290ef171f5506bddb6c4514de1f0d778c4dedaaebf772727465e6f

  • SHA512

    2dcc8d14b322b222599e08afe4ee714fb8cf8789ec5ef3b42bfee4a127a0fab069cf07166db3252c7ff83c04ad8774276048d32b0ece8caaf10c304a036b2802

  • SSDEEP

    393216:uPmxKkBFSRbb/5YGLAkY2Ja3kj1BNcZU/hqWFKtfK:uPsu/s2c34B+KqWQC

Score
10/10
defense_evasiondiscoveryexecution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://pastebin.com/raw/pscHXiNh
exe.dropper

https://pastebin.com/raw/yrjNBPWX

Targets

    • Target

      SolaraV3.zip

    • Size

      12.7MB

    • MD5

      a1f8f2f1acfafcc43cd81617d3af83b0

    • SHA1

      0a89e30d3c7e5e06cd1aa7914df12bd2137bd6dc

    • SHA256

      b8b86e6885290ef171f5506bddb6c4514de1f0d778c4dedaaebf772727465e6f

    • SHA512

      2dcc8d14b322b222599e08afe4ee714fb8cf8789ec5ef3b42bfee4a127a0fab069cf07166db3252c7ff83c04ad8774276048d32b0ece8caaf10c304a036b2802

    • SSDEEP

      393216:uPmxKkBFSRbb/5YGLAkY2Ja3kj1BNcZU/hqWFKtfK:uPsu/s2c34B+KqWQC

    Score
    1/10
    behavioral1behavioral2

    • Target

      Boostrapper.exe

    • Size

      33.3MB

    • MD5

      497708c4dde5e2cb7de906373628e2a6

    • SHA1

      958a531dca0d10ef4d7dfb025936ef2b3b8860c5

    • SHA256

      08415158e03c76ec7a22a5f18c166121ea9194d841486c92aa8a91eaca0a4756

    • SHA512

      97ad3f78e10406efe955f1903c7e800ceec9aab78772f7ff1755543e31f5757e6da229a9b4ca372879d3dad2649f52925e0e8f800e092f3fa5690cb840a5124c

    • SSDEEP

      393216:d76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yfonVQx4urYsANulL7NZ:d0LoCOn+2os4urYDNulLBiuN

    Score
    10/10
    defense_evasiondiscoveryexecution

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks