General
-
Target
SًOvً3.zip
-
Size
57.5MB
-
Sample
240917-dhe3aa1gjn
-
MD5
468f78b532cd84adf573610dba0f699e
-
SHA1
e38a9ac88829f8dfce94115fe949d4e13dd69cb4
-
SHA256
97dc704cd6eec3d2f99111c2f79f73a24fe1d8b82cc5c7ddecabcbb67e3dc2e1
-
SHA512
4060bf34fc2ca9e94fbd63b8601e520121f009f67d17aafd0b17ea760a1e1795751479f60309a6487ab750f9bab0b0ff6b87b2c2b0a2bf8ae9434f4348cde5ce
-
SSDEEP
1572864:y8YOPyjY+AbDDadO7W08iAXayIzgrPu9ge8MOO5RX:OjYbDDAOji6srERX
Behavioral task
behavioral1
Sample
Solara/SolaraBootstrapper.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Solara/SolaraBootstrapper.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Solara/bin/api.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Solara/bin/api.dll
Resource
win10v2004-20240910-en
Malware Config
Extracted
redline
185.196.9.26:6302
Targets
-
-
Target
Solara/SolaraBootstrapper.exe
-
Size
404KB
-
MD5
f513ec15e8ca9a582a0fe74ce4eb2b94
-
SHA1
d214ed7776dfc6268b010c8799d0d4da0e85e245
-
SHA256
71efc2f56f4ae8798a773b3ecaa9dd3d5b364dfaf8b58b8415cea3369dd70354
-
SHA512
3bd5ca1a1e0c2b077aaa1eb9d040a6034f762edc914fa8aba13aa4205c0a5a3d12c8934ea2a1ea1ab286c6654ed3eeeef286b9d3cb8ef5142ad41027fe65fc8d
-
SSDEEP
12288:7HKsldP7ygNkiRp40awd8gMHAmiukycVrg3r7WMhb9iSd:75dPDmGy0
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
-
-
Target
Solara/bin/api
-
Size
18.7MB
-
MD5
88fd7dbf04bcf75123d02009aea3f7f7
-
SHA1
cecf16bdad71e54afc941179ea2b7438a04efa1d
-
SHA256
01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
-
SHA512
2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
-
SSDEEP
393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score3/10 -