Overview

Static analysis: static1
Behavioral analysis: 22 tasks, all run on windows10-2004-x64 (task list and per-file results below)
General

Target: Bundle-20948-Solar-PuTTY-FT-and-SAM.zip
Size: 156.4MB
Sample: 241014-1njc8asbnr
MD5: 06d4bd535d517308a3e27d5d0d012273
SHA1: 2a5d622f141a72853643860a96ca680cfff43002
SHA256: 4d2776d27b44c6fba561f030e87d05b7d4075b2e26bbb52dfd4a3876d1fa91e1
SHA512: 4c7f812dabd559a9415a28667827375ce2a3d2502a81784e25b53e1056368e6ae6a86cc18ca66089e95c43d2633f52e12b1b0b0d40ae08195f067f5771af9f24
SSDEEP: 3145728:8Rnh0LgWB+rzEvBHCVU76gCehlpKefMyUumocTPY5d:8Ran+rzyHCVs6gCeheFyUumocbY5d
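The General section gives the bundle's digests and the Targets section below gives one set per extracted file. The Python below is an added example, not part of the sandbox report or of any SolarWinds tooling: it transcribes the report's SHA256 values into a manifest and checks files extracted from the bundle against it, streaming each file through the hash so the 155.1MB installer is never read into memory at once. A file whose name is not in the manifest is reported as unknown rather than accepted, and a mismatch is reported even when the name matches. The function names (digest_bytes, digest_file, verify_digest, verify_tree) are mine; the $_2_/ prefix is kept exactly as the report names the extracted paths.

```python
import hashlib
from pathlib import Path

# SHA256 values transcribed from the report's Targets section (keys are the
# report's own path names, '/' separated).
REPORT_SHA256 = {
    "Bundle-20948-Solar-PuTTY-FT-and-SAM.zip": "4d2776d27b44c6fba561f030e87d05b7d4075b2e26bbb52dfd4a3876d1fa91e1",
    "SolarWinds-FT-Solar-PuTTY.zip": "7ef278d144248e839e78650c152f485142fd3f4c3945d13300a532ba09132b82",
    "Solar-PuTTY.exe": "04ad4e42029ab11d81f82bbfdcbeb77ffcb3662b623df1c744ca0f30e6b8dfd9",
    "$PLUGINSDIR/System.dll": "a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77",
    "$_2_/ChromeTabs.dll": "33e208cd7ec1aebaf1930788d536a25cb648e9871479b2cff2479f67ff3e21cf",
    "$_2_/CommandLine.dll": "c1fbb1989141f69d90c46a73d6e3bbd7895f5fc4d267a830c7d5ce0d0fb8d6b2",
    "$_2_/CommonServiceLocator.dll": "0901248381ecd6cb362727a7905f0ebe7b791317b4502f39a8caaaca3326a244",
    "$_2_/GalaSoft.MvvmLight.Extras.dll": "cb4d844434a8ffbd33531470e094524be27b88ca42b2c2197492bbe8246ea1bb",
    "$_2_/GalaSoft.MvvmLight.Platform.dll": "2a1114c99533aae7442b298336247350b55caa193c06454ea606d6a394656573",
    "$_2_/GalaSoft.MvvmLight.dll": "b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf",
    "$_2_/HtmlAgilityPack.dll": "a6a114b9c355e4ecb5fe46fff880c1446398603fca80b19328c2a7853ac1c25a",
    "$_2_/Newtonsoft.Json.dll": "575e30f98e4ea42c9e516edc8bbb29ad8b50b173a3e6b36b5ba39e133cce9406",
    "$_2_/Solar-PuTTY.exe": "bf7d94f37a5ed022199766d5159dad0204d31a0b332396f7f4e9a0ee0a1669b1",
    "$_2_/Solar-PuTTY.exe.config": "c75b9760a1fe07d4c9c27efdffdaffcd43a21097b8b566d0cbbfecf5d7256e60",
    "$_2_/System.Reflection.TypeExtensions.dll": "321a1f04e0b951379be9cc9d02ed2a570261b0d631b080d78d0ff47ff42f1af2",
    "$_2_/System.Windows.Interactivity.dll": "93fbc59e4880afc9f136c3ac0976ada7f3faa7cacedce5c824b337cbca9d2ebf",
    "$_2_/log4net.dll": "af5610c515d2244db98c662636264c8177e89b1afe407f88fd18a41d66f6e7e2",
    "$_2_/pageant.exe": "3e2a617ede5daba5a4d532f355206916881fe41925a73d18c8a2c57fc9b3f26e",
    "$_2_/putty.exe": "0f7b2f3003c37339676681d8026e124157ad453de9532ac795d0950447233f4c",
    "$_2_/puttygen.exe": "9de3b5104bfb30e00bbf9f375a9fbd18878112ccb7c0ab8b611cfc8b47e444d2",
    "$_2_/solar-putty.json": "6f935e3c67853d8fd8ae42b32401aa2fe1e7a5a62d2952de3bf7bf1d7a54593b",
    "Solarwinds-SAM-Installer.Eval.exe": "c7fbea93a8600fa86e58b413af91f50b1af117472954afc8acbda4e294b6dcd8",
}


def digest_bytes(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of an in-memory buffer (small files, tests)."""
    return hashlib.new(algo, data).hexdigest()


def digest_file(path, algo: str = "sha256", chunk_size: int = 1 << 20) -> str:
    """Stream a file through the hash in 1 MiB chunks so a 155MB installer
    never has to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_digest(name: str, actual_sha256: str, manifest=REPORT_SHA256) -> str:
    """Return 'match', 'mismatch' or 'unknown' for one report path name.

    'unknown' is deliberately distinct from 'match': a file the report never
    hashed must not pass just because nothing contradicts it."""
    expected = manifest.get(name)
    if expected is None:
        return "unknown"
    return "match" if expected.lower() == actual_sha256.lower() else "mismatch"


def verify_tree(root, manifest=REPORT_SHA256) -> dict:
    """Walk an extraction directory and verify every file under it.

    Keys are paths relative to root with '/' separators, so they line up with
    the report's '$_2_/...' names regardless of host OS."""
    root = Path(root)
    results = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            results[rel] = verify_digest(rel, digest_file(p), manifest)
    return results


if __name__ == "__main__":
    import sys
    for rel, status in verify_tree(sys.argv[1]).items():
        print(f"{status:9s} {rel}")
```

A match against this manifest only tells you that you hold the same bytes the sandbox analysed, not that those bytes are the vendor's release; for a download, compare the SHA256 with the value SolarWinds publishes as well. MD5 and SHA1 are listed in the report for lookup in other tooling, but both are collision-broken, so SHA256 (or SHA512) should be the value that decides.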
Static task: static1

Behavioral tasks (resource win10v2004-20241007-en for every task):
behavioral1    Bundle-20948-Solar-PuTTY-FT-and-SAM.zip
behavioral2    SolarWinds-FT-Solar-PuTTY.zip
behavioral3    Solar-PuTTY.exe
behavioral4    $PLUGINSDIR/System.dll
behavioral5    $_2_/ChromeTabs.dll
behavioral6    $_2_/CommandLine.dll
behavioral7    $_2_/CommonServiceLocator.dll
behavioral8    $_2_/GalaSoft.MvvmLight.Extras.dll
behavioral9    $_2_/GalaSoft.MvvmLight.Platform.dll
behavioral10   $_2_/GalaSoft.MvvmLight.dll
behavioral11   $_2_/HtmlAgilityPack.dll
behavioral12   $_2_/Newtonsoft.Json.dll
behavioral13   $_2_/Solar-PuTTY.exe
behavioral14   $_2_/Solar-PuTTY.exe.config
behavioral15   $_2_/System.Reflection.TypeExtensions.dll
behavioral16   $_2_/System.Windows.Interactivity.dll
behavioral17   $_2_/log4net.dll
behavioral18   $_2_/pageant.exe
behavioral19   $_2_/putty.exe
behavioral20   $_2_/puttygen.exe
behavioral21   $_2_/solar-putty.json
behavioral22   Solarwinds-SAM-Installer.Eval.exe
Malware Config

Targets

Target: Bundle-20948-Solar-PuTTY-FT-and-SAM.zip
Size: 156.4MB
MD5: 06d4bd535d517308a3e27d5d0d012273
SHA1: 2a5d622f141a72853643860a96ca680cfff43002
SHA256: 4d2776d27b44c6fba561f030e87d05b7d4075b2e26bbb52dfd4a3876d1fa91e1
SHA512: 4c7f812dabd559a9415a28667827375ce2a3d2502a81784e25b53e1056368e6ae6a86cc18ca66089e95c43d2633f52e12b1b0b0d40ae08195f067f5771af9f24
SSDEEP: 3145728:8Rnh0LgWB+rzEvBHCVU76gCehlpKefMyUumocTPY5d:8Ran+rzyHCVs6gCeheFyUumocbY5d
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL

Target: SolarWinds-FT-Solar-PuTTY.zip
Size: 1.6MB
MD5: 35fb454bbb09b64eb26d9933b86ff8af
SHA1: 1ac8a49827ce2d67d6fd91e5bd7e154ee30e9a7e
SHA256: 7ef278d144248e839e78650c152f485142fd3f4c3945d13300a532ba09132b82
SHA512: b75e8cb199229f21aaa59a197f62447b0d3fe099ce3b6d9bf377555e25b68310db2f3d616d0ffaa081aec4f9cb8551be2edaa7b5099d96ea328167e5fcbeacf6
SSDEEP: 49152:iPi5H5daXd+2Pxo8aldCXgPlb9XnZcqhm:yi8O8aXlRXZ6
Score: 1/10
Signatures: none listed

Target: Solar-PuTTY.exe
Size: 1.9MB
MD5: 165cef7991e3674c76e97f5c3d35e38e
SHA1: b46d4a4d238a45f72260414c9ef1ba34be23e01a
SHA256: 04ad4e42029ab11d81f82bbfdcbeb77ffcb3662b623df1c744ca0f30e6b8dfd9
SHA512: 08773c21cf5ffc8e768df090af9ba8b916ec54afb49d43bea81ba94e8ca15cafae37cc2d4dbdc8a63dd218906dc89a30cedad91e92eb37da773204222bfdc021
SSDEEP: 24576:gFli3xNkt9UKp+yhwLYWFlJH0Mq70odfJ8aEjoCoFKdP2mL9rzGUrHBD+ElCpFUz:yistKKVhAl5y0odfIoXSPTL9rzLJw25
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: b0c77267f13b2f87c084fd86ef51ccfc
SHA1: f7543f9e9b4f04386dfbf33c38cbed1bf205afb3
SHA256: a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77
SHA512: f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e
SSDEEP: 192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC
Score: 3/10
Signatures: none listed

Target: $_2_/ChromeTabs.dll
Size: 47KB
MD5: 0f3328b8e46908438615756585d6bd4e
SHA1: 71c14a21ef51d37104d03a42721600435527a340
SHA256: 33e208cd7ec1aebaf1930788d536a25cb648e9871479b2cff2479f67ff3e21cf
SHA512: 6461332c8fb7ac403853898557a64299f66cf16d5f7e504714ce8e8071111254387492f23a1f6a83474423a881c2f63dfd7cf9a114f35b0255cdadf0dc3fff16
SSDEEP: 768:YQIVVNn94XXAOoCYNSWMkN1dWqgkiCNXbiKbVFP4cln6u:YjVVNn94XwOB4IkN1hi2bhf4cR6u
Score: 1/10
Signatures: none listed

Target: $_2_/CommandLine.dll
Size: 181KB
MD5: 412350d8cb73963992fe5a1f1a393446
SHA1: d0da7b533b7a46811e343e14a07a5aabc4fa3964
SHA256: c1fbb1989141f69d90c46a73d6e3bbd7895f5fc4d267a830c7d5ce0d0fb8d6b2
SHA512: 25b033ac931fd25394370a84aafb36441d6a6e1d3a57cc8c5b629ac0941af4efd66691aa14c69e79eba9ad4e166b6bc3fa5d1594a22e392881f50c644b2a9749
SSDEEP: 3072:DCDkN9tZVNN1mctQaFN2Qg61F2Ddw1dtOQ3N/9MFJbZMDBHltcHGO7eY+KJEZgoy:DCDkN9tZVNN/QQYm1F2Ddw1dwQ3l9DaD
Score: 1/10
Signatures: none listed

Target: $_2_/CommonServiceLocator.dll
Size: 9KB
MD5: 181fa402215022dd2e5a19d89db1392d
SHA1: 90dd2343c497389798cc0aba53863eecdd5e65d8
SHA256: 0901248381ecd6cb362727a7905f0ebe7b791317b4502f39a8caaaca3326a244
SHA512: a442e768a477b9237cd165610e11267d7fbfe608980663c20e597276b343fa745e830104f77e8a76fe705587f5e386ccc797e9676b073ae09da77472ed6d04a8
SSDEEP: 192:p8jlxHkDc3Y9vGHDnq+SoG4MUzyRxHjgeMSFjgFBZWniW:ajHkDc3Y0I4MUzyxHjgelQWniW
Score: 1/10
Signatures: none listed

Target: $_2_/GalaSoft.MvvmLight.Extras.dll
Size: 21KB
MD5: 810e42e2bbfb536bdc01abf882a24938
SHA1: 7bd37217aaf5ec27d2f993bb4212b0b8ab94d220
SHA256: cb4d844434a8ffbd33531470e094524be27b88ca42b2c2197492bbe8246ea1bb
SHA512: 176769ef15d87373c53cc39241126bd39ce57b18af0df4d9d2cf68645868dd53090cb5ab93b8ba78303a3e6b5f3888d2150e6def57b26462df1b12fe7450f650
SSDEEP: 384:+/l5QKk8gdYAT5gb5DoCEJkUvuXctCRJEITSIjZ4qbhPyWAPslJ:ijQKJAW9Ehvvs+CRJxTb6qhPLAPslJ
Score: 1/10
Signatures: none listed

Target: $_2_/GalaSoft.MvvmLight.Platform.dll
Size: 13KB
MD5: 5b958b4229538ac23099ce9ed6f37de4
SHA1: 32cd46e39c4f6334d28788d5e3afaa19d4fd1041
SHA256: 2a1114c99533aae7442b298336247350b55caa193c06454ea606d6a394656573
SHA512: 87b6a509d1cb262e6ba198819ffec3b8e03e4672b031ff918fe406307f750192a73c73dcd8140d8be5dcc8286a79e779fad59189ae7ac759cec6223e55b9b899
SSDEEP: 384:qKKUx+mQv787sGaP39cVT0ojR97d5tS/iPyrA3UJsgkW:HKnWG/oTZjR97dOaP+A3ksgkW
Score: 1/10
Signatures: none listed

Target: $_2_/GalaSoft.MvvmLight.dll
Size: 29KB
MD5: af04687248da9e95a7ff65ab538d0bcf
SHA1: 7511184300e2b6f70bc92333392386a812b2dabf
SHA256: b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf
SHA512: a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a
SSDEEP: 768:yQrLeg1z+o9LyepjivwvCGIzCGShkS6fF3xLAJs+d:tKExEJGB4fXLAL
Score: 1/10
Signatures: none listed

Target: $_2_/HtmlAgilityPack.dll
Size: 123KB
MD5: aa19161141e04ffb5a7429a3694fbda6
SHA1: f4d2b52d1d36b6fec689339c2cbdd91481476c79
SHA256: a6a114b9c355e4ecb5fe46fff880c1446398603fca80b19328c2a7853ac1c25a
SHA512: 3f9778f07a9683fa832bae86b2427839621a7058e0debbbc80d0bd3f4a7565a8f8a44fb4016645ed4a54a26240b124c68e7acd2c55a1590dfcefcc613086fb3e
SSDEEP: 3072:LXxBxpqW+cq2vmqWihssUgbWWWKYVSVjf:9Bx02yqFhagbWWPx
Score: 1/10
Signatures: none listed

Target: $_2_/Newtonsoft.Json.dll
Size: 514KB
MD5: c53737821b861d454d5248034c3c097c
SHA1: 6b0da75617a2269493dc1a685d7a0b07f2e48c75
SHA256: 575e30f98e4ea42c9e516edc8bbb29ad8b50b173a3e6b36b5ba39e133cce9406
SHA512: 289543f5eea472e9027030e24011bea1e49e91059241fe6eb732e78f51822313e47d1e4769fa1c9c7d6139f6a97dcfef2946836b3383e8643988bf8908162fb9
SSDEEP: 6144:ZeC37wbJmJ5bd4m15M+S50cK7q2UGu7WEYEaWdDBLH5WHxJ16Wi/h4aBTBFFu4JD:p37Ogr2VAHx7JijBZdPfP
Score: 1/10
Signatures: none listed

Target: $_2_/Solar-PuTTY.exe
Size: 1.4MB
MD5: fdb3f69637d1d911140e263e957e6e67
SHA1: 2931e1f0e8597ff27986b879a123bdd1859f2e86
SHA256: bf7d94f37a5ed022199766d5159dad0204d31a0b332396f7f4e9a0ee0a1669b1
SHA512: 4f0f1ef5ede907b929af5f0f7d6522140d33568131632bff53260fda275a7cafcc46d252526e8647e3de2743c190734c6d10407ae19f26e112f09de876ff8adf
SSDEEP: 6144:5D1d6F+x/dXwTxbC33HjbolD79bZUqxaLYHEP1/vKXEQw8aQROTgEq7OdWnJTSO:kAlw1SoBfaJ/yLaQKgEq7OE
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.

Target: $_2_/Solar-PuTTY.exe.config
Size: 3KB
MD5: dfde5677049a5c2ad672ac7b044750ad
SHA1: cc382c2a292f720109486578c3b7b67bae6dd8c3
SHA256: c75b9760a1fe07d4c9c27efdffdaffcd43a21097b8b566d0cbbfecf5d7256e60
SHA512: 854ec31ddcd86c0cff608a647303800bb8d378c7008d010913a1d92175912543e445cbe8cbd0377ec86da3880c8fa6e690fcabb65c5d36202f5d5b0d691e33b5
Score: 3/10
Signatures: none listed

Target: $_2_/System.Reflection.TypeExtensions.dll
Size: 28KB
MD5: 6f9137aa51dbcb7e0a60c8e9b37078e1
SHA1: 4a74f579ff57aa0b7f77a936ace433412a68337b
SHA256: 321a1f04e0b951379be9cc9d02ed2a570261b0d631b080d78d0ff47ff42f1af2
SHA512: 94d4092a356c956bd73af961d03cd93a2d4101471e443fb920d7737f3caf42ac7c8732bd8fc114e38643612701ed93a7ce7db6c27ee39120d7f05caf4d960180
SSDEEP: 384:rsPwtH5xwTBukv4kG0WOaW3WJaW1SUA0GftpBj+m+ILKHRN7ElI66nt:4Y5vQLvUQy/iommV66
Score: 1/10
Signatures: none listed

Target: $_2_/System.Windows.Interactivity.dll
Size: 54KB
MD5: 580244bc805220253a87196913eb3e5e
SHA1: ce6c4c18cf638f980905b9cb6710ee1fa73bb397
SHA256: 93fbc59e4880afc9f136c3ac0976ada7f3faa7cacedce5c824b337cbca9d2ebf
SHA512: 2666b594f13ce9df2352d10a3d8836bf447eaf6a08da528b027436bb4affaad9cd5466b4337a3eaf7b41d3021016b53c5448c7a52c037708cae9501db89a73f0
SSDEEP: 1536:BYQaIZaEmaOQxn6JxKjtlMZAnuETAV+w4:aIhOQcSLAj4
Score: 1/10
Signatures: none listed

Target: $_2_/log4net.dll
Size: 270KB
MD5: f64b733eae44c8c66217386d5a0f2bf0
SHA1: 92683e4fb8d3c7a544dce21e12f24dcc8b600e9c
SHA256: af5610c515d2244db98c662636264c8177e89b1afe407f88fd18a41d66f6e7e2
SHA512: 74aae11529ab5efdbe4c6f7232ba4c24eef570b3bbfea94657940450b34f61503c36dfc560e252f35352bb3d8f54a7a317c9e52ad0b60b9bb666b0dd4913b40f
SSDEEP: 6144:mT7imnjgXkU4PhLMmgCFZySx5BWd3G2aQ+kLTIMgKmDkP+2JXa+9Ed:mymnsXkU4PhLMmgCFZySx5v2aQ+kLTIm
Score: 1/10
Signatures: none listed

Target: $_2_/pageant.exe
Size: 324KB
MD5: fb66d534fa8011e46a12b8c842e3bfa1
SHA1: c2f5361d351c363cffd3593a483de3a6652eeb6e
SHA256: 3e2a617ede5daba5a4d532f355206916881fe41925a73d18c8a2c57fc9b3f26e
SHA512: 99e5367fa80a7a2f7a134a24f2653ddbabfb140aa0e49c00cde73f13f209ed71c0c976185e6c94598d4b8d1b03f0271e5eb60a3e7afbd0fe712397e1ca01fe15
SSDEEP: 6144:A36HnNRouL5ugrmouNhA3xNdCi0g/ugS8wC45T+okMwALi:RNRlL5uKxNdCQuEg2MhLi
Score: 1/10
Signatures: none listed

Target: $_2_/putty.exe
Size: 999KB
MD5: b1bb62574146fba056208f8d8b9ea5fd
SHA1: b0b61bc4017f2133a5eb37eef333f24ec056b125
SHA256: 0f7b2f3003c37339676681d8026e124157ad453de9532ac795d0950447233f4c
SHA512: ba26cf1089033647a3e5cdaa635aab22b3da535bc72bf61840c7b71275ac147c9ab6274e232ca1ab5045fc9646eaeed050a1cd40ac10be8c6bf24d5759ce97d3
SSDEEP: 24576:/dcL2kuyBrAyPOkES5l3fzyVAIldBD+xNdC3rAYmkHDi:/dk2kTBrAyP9ES5lLwdBDDRm
Score: 1/10
Signatures: none listed

Target: $_2_/puttygen.exe
Size: 358KB
MD5: 2acb551d1d563623d7bee07fa91aa8a1
SHA1: 689439ca5d385c1dc7416b1ef9d25111b3d361bc
SHA256: 9de3b5104bfb30e00bbf9f375a9fbd18878112ccb7c0ab8b611cfc8b47e444d2
SHA512: 10556728553af99996d14a075b005c1bb15f9e24b0a57c713fb5978ce3febcf90e4f07054dedec5ad20738e05d77be6cf23c35d36c3540c47b3b9b0bc14b277c
SSDEEP: 6144:iwev53F5ohoAPGjLixCcsDMWYZxNdCi4S/uhQw+1wZKbxTF6:iwk3Eh5GbYZxNdCauaN6
Score: 1/10
Signatures: none listed

Target: $_2_/solar-putty.json
Size: 485B
MD5: 1c33621eb4e751ad9d9067473e7d3da5
SHA1: 4ffba4d4dbbde498e4f59f93cb2f4200cc80f40f
SHA256: 6f935e3c67853d8fd8ae42b32401aa2fe1e7a5a62d2952de3bf7bf1d7a54593b
SHA512: d3d1ae545840ad4602dfd9ec99346a76a5ad5c200768868ec6c324f9f1c2d38c61251520b8221e50828277706d240c673d62dd57e26f41a8e54f2fa0a4a5a24c
Score: 3/10
Signatures: none listed

Target: Solarwinds-SAM-Installer.Eval.exe
Size: 155.1MB
MD5: 65576f893d075045c9f46bcd2adac6a8
SHA1: 86a704f9f73be363b29eca51493c08472f2430bb
SHA256: c7fbea93a8600fa86e58b413af91f50b1af117472954afc8acbda4e294b6dcd8
SHA512: 80fa65600d7e4bd866550560012b0c0dc4364041d6fd11366691177f59da754827a7069a48264d18982e657e64e55d80db98f2491868fe7521f2798c57642555
SSDEEP: 3145728:5JuVGwNkoyMOvR45jRaAIcct0jFu7ij4YGWrn6Zg:5JwkB55KjRa1cctmj4YGWD6Zg
Score: 8/10
Signatures:
- Uses browser remote debugging: can be used to control the browser and steal sensitive information such as credentials and session cookies.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
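The two behavioural signatures this report raises, "Checks computer location settings" and "Uses browser remote debugging", are each a single rule over the sandbox's registry and process trace. The Python below is an added example, written for this page and not part of the report or of the sandbox's own rule set: it implements both checks over a constructed trace so the matching logic is visible. The registry location (Control Panel\International\Geo, values Nation and Name) is my assumption about what the sandbox keys on; the report only says "country code configured in the registry". The event records, PIDs and the msedge.exe command line are constructed, not taken from the sample; the function and constant names are mine.

```python
import re
from dataclasses import dataclass

# Assumption: the "country code configured in the registry" is the GeoID
# stored under this key. The report does not name the key it matched on.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)
GEO_VALUES = {"nation", "name"}

# Chromium-family switches that expose the DevTools protocol to other local
# processes; a controller on that channel can read cookies and drive pages.
REMOTE_DEBUG_RE = re.compile(r"--remote-debugging-(?:port|pipe)\b", re.IGNORECASE)
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe"}


@dataclass(frozen=True)
class Hit:
    signature: str
    pid: int
    detail: str


def check_registry(ev):
    """'Checks computer location settings': a RegQueryValue* of the Geo key's
    Nation/Name value. Other registry reads do not count."""
    if ev.get("type") != "registry" or not ev.get("api", "").startswith("RegQueryValue"):
        return None
    if GEO_KEY_RE.search(ev.get("key", "")) and ev.get("value", "").lower() in GEO_VALUES:
        return Hit("Checks computer location settings", ev["pid"],
                   f'{ev["image"]} read {ev["key"]}\\{ev["value"]}')
    return None


def check_process(ev):
    """'Uses browser remote debugging': a known browser image started with a
    remote-debugging switch. The parent image is kept for the analyst."""
    if ev.get("type") != "process":
        return None
    m = REMOTE_DEBUG_RE.search(ev.get("cmdline", ""))
    if m and ev.get("image", "").lower() in BROWSERS:
        return Hit("Uses browser remote debugging", ev["pid"],
                   f'{ev.get("parent_image", "?")} launched {ev["image"]} with {m.group(0)}')
    return None


CHECKS = (check_registry, check_process)


def run_signatures(events):
    """Apply every check to every event; report one hit per (signature, pid),
    keeping the first occurrence, so a process polling the key does not flood
    the result."""
    hits, seen = [], set()
    for ev in events:
        for check in CHECKS:
            hit = check(ev)
            if hit and (hit.signature, hit.pid) not in seen:
                seen.add((hit.signature, hit.pid))
                hits.append(hit)
    return hits


# Constructed trace (not from the sample): record 1 models the geofence-style
# lookup, record 2 an unrelated registry read, record 3 a browser spawned with
# remote debugging enabled, record 4 an ordinary user-launched browser.
SAMPLE_EVENTS = [
    {"type": "registry", "pid": 4120, "image": "Solar-PuTTY.exe", "api": "RegQueryValueExW",
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"},
    {"type": "registry", "pid": 4120, "image": "Solar-PuTTY.exe", "api": "RegQueryValueExW",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
     "value": "ProductName"},
    {"type": "process", "pid": 5208, "ppid": 4980, "image": "msedge.exe",
     "parent_image": "Solarwinds-SAM-Installer.Eval.exe",
     "cmdline": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
                r'--headless --remote-debugging-port=9222 about:blank'},
    {"type": "process", "pid": 5300, "ppid": 1188, "image": "msedge.exe",
     "parent_image": "explorer.exe",
     "cmdline": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
                r'https://www.solarwinds.com/'},
]

if __name__ == "__main__":
    for hit in run_signatures(SAMPLE_EVENTS):
        print(f"[{hit.signature}] pid {hit.pid}: {hit.detail}")
```

Both signatures fire on the SolarWinds installers in this very bundle, so neither is evidence of malice by itself: a locale lookup is routine for installers, and a browser started with remote debugging can have benign explanations. The detail string keeps the parent image so an analyst can judge the launch context, and the report's hashes should be checked against the vendor's published values before either hit is treated as anything more than a lead.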