Overview

overview

10

Static

static

10

!SolaraV3.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    !SolaraV3.exe

  • Size

    7.5MB

  • Sample

    240929-rvybaa1erg

  • MD5

    031a05dc463314df4904b6aab7abb56d

  • SHA1

    d98f758b0126cc2bbfc59d38b23f59ebc8e21c18

  • SHA256

    6f722a19a4b6ce08194823f304f49d31b04fa5d9f609f5dde0ff63bbf307f040

  • SHA512

    974fb85323cc907c327f46ccb0d8bd27348aa049dbfc7f4497906d2daf2dd87602a4f662d5a7a5040b21d833aff315a835b9d4ae11106581d8b0b3e549b7577f

  • SSDEEP

    196608:Tp8wQurErvI9pWjg/Qc+4o673pNrabePNNrStMXWTNJb:IurEUWjZZ4dDLIeF1StYwNJb

Score
10/10
blankgrabberdiscoveryevasionexecutionupx

Malware Config

Targets

    • Target

      !SolaraV3.exe

    • Size

      7.5MB

    • MD5

      031a05dc463314df4904b6aab7abb56d

    • SHA1

      d98f758b0126cc2bbfc59d38b23f59ebc8e21c18

    • SHA256

      6f722a19a4b6ce08194823f304f49d31b04fa5d9f609f5dde0ff63bbf307f040

    • SHA512

      974fb85323cc907c327f46ccb0d8bd27348aa049dbfc7f4497906d2daf2dd87602a4f662d5a7a5040b21d833aff315a835b9d4ae11106581d8b0b3e549b7577f

    • SSDEEP

      196608:Tp8wQurErvI9pWjg/Qc+4o673pNrabePNNrStMXWTNJb:IurEUWjZZ4dDLIeF1StYwNJb

    Score
    10/10
    discoveryevasionexecutionupx

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

      evasion

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Loads dropped DLL

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks