General
-
Target
UpًdSoًlB.zip
-
Size
57.4MB
-
Sample
240916-bjbp5s1fkf
-
MD5
a0aadc5506a127b24998790b02e0e661
-
SHA1
bf5d82e1e1a31f2e03b03992487d10eb71f4f6ad
-
SHA256
7339537dd3d1752dfc974d9aca7378d60937aedb2772b65cc835b92da8125bdb
-
SHA512
945655b0bed54401ecfc25f816363a32dc929fac1b941eb0fdee52be6490bbd6c12035e1438991ff3b5221fbcc44bde9784bf11e1d76a68f8c97de342e5247f3
-
SSDEEP
1572864:Ez0J2zJIMhHQUH73H7fjBQVOH5ERJRpu7SPteM/+KSVPy:Ezrz/H3HzbLBOu56RpZuK4y
Behavioral task
behavioral1
Sample
Solara/Solara V3.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
Solara/bin/api.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
185.196.9.26:6302
Targets
-
-
Target
Solara/Solara V3.exe
-
Size
310KB
-
MD5
444dbc4f355017d67eb2d541194fb6ab
-
SHA1
39fcfd8b32462376949cd9b51cecd87fae80fe6b
-
SHA256
ba066e8df172a2f97d5bfc56e0d96d0b1ad275c8eecaf4de2229bfc25bce1958
-
SHA512
e31e953c40c7746a6d31388d014d70d6b80ce5b631972f45134010f028bcbcae739048de201cc1231d01e5deb5e2f668b830ad6e5ea79f4e565cb510bc64df9a
-
SSDEEP
6144:dhorr8uIWa5PKO8Ns9Yz4SdSNNroG01Aqkl2dPhifM9:LoHuW2h8Ns/N2l53if
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
Solara/bin/api
-
Size
18.7MB
-
MD5
88fd7dbf04bcf75123d02009aea3f7f7
-
SHA1
cecf16bdad71e54afc941179ea2b7438a04efa1d
-
SHA256
01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
-
SHA512
2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
-
SSDEEP
393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2