General

  • Target

    Bundle-20948-Solar-PuTTY-FT-and-SAM.zip

  • Size

    156.4MB

  • Sample

    241014-1njc8asbnr

  • MD5

    06d4bd535d517308a3e27d5d0d012273

  • SHA1

    2a5d622f141a72853643860a96ca680cfff43002

  • SHA256

    4d2776d27b44c6fba561f030e87d05b7d4075b2e26bbb52dfd4a3876d1fa91e1

  • SHA512

    4c7f812dabd559a9415a28667827375ce2a3d2502a81784e25b53e1056368e6ae6a86cc18ca66089e95c43d2633f52e12b1b0b0d40ae08195f067f5771af9f24

  • SSDEEP

    3145728:8Rnh0LgWB+rzEvBHCVU76gCehlpKefMyUumocTPY5d:8Ran+rzyHCVs6gCeheFyUumocbY5d

Malware Config

Targets

    • Target

      Bundle-20948-Solar-PuTTY-FT-and-SAM.zip

    • Size

      156.4MB

    • MD5

      06d4bd535d517308a3e27d5d0d012273

    • SHA1

      2a5d622f141a72853643860a96ca680cfff43002

    • SHA256

      4d2776d27b44c6fba561f030e87d05b7d4075b2e26bbb52dfd4a3876d1fa91e1

    • SHA512

      4c7f812dabd559a9415a28667827375ce2a3d2502a81784e25b53e1056368e6ae6a86cc18ca66089e95c43d2633f52e12b1b0b0d40ae08195f067f5771af9f24

    • SSDEEP

      3145728:8Rnh0LgWB+rzEvBHCVU76gCehlpKefMyUumocTPY5d:8Ran+rzyHCVs6gCeheFyUumocbY5d

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      SolarWinds-FT-Solar-PuTTY.zip

    • Size

      1.6MB

    • MD5

      35fb454bbb09b64eb26d9933b86ff8af

    • SHA1

      1ac8a49827ce2d67d6fd91e5bd7e154ee30e9a7e

    • SHA256

      7ef278d144248e839e78650c152f485142fd3f4c3945d13300a532ba09132b82

    • SHA512

      b75e8cb199229f21aaa59a197f62447b0d3fe099ce3b6d9bf377555e25b68310db2f3d616d0ffaa081aec4f9cb8551be2edaa7b5099d96ea328167e5fcbeacf6

    • SSDEEP

      49152:iPi5H5daXd+2Pxo8aldCXgPlb9XnZcqhm:yi8O8aXlRXZ6

    Score
    1/10
    • Target

      Solar-PuTTY.exe

    • Size

      1.9MB

    • MD5

      165cef7991e3674c76e97f5c3d35e38e

    • SHA1

      b46d4a4d238a45f72260414c9ef1ba34be23e01a

    • SHA256

      04ad4e42029ab11d81f82bbfdcbeb77ffcb3662b623df1c744ca0f30e6b8dfd9

    • SHA512

      08773c21cf5ffc8e768df090af9ba8b916ec54afb49d43bea81ba94e8ca15cafae37cc2d4dbdc8a63dd218906dc89a30cedad91e92eb37da773204222bfdc021

    • SSDEEP

      24576:gFli3xNkt9UKp+yhwLYWFlJH0Mq70odfJ8aEjoCoFKdP2mL9rzGUrHBD+ElCpFUz:yistKKVhAl5y0odfIoXSPTL9rzLJw25

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b0c77267f13b2f87c084fd86ef51ccfc

    • SHA1

      f7543f9e9b4f04386dfbf33c38cbed1bf205afb3

    • SHA256

      a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77

    • SHA512

      f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e

    • SSDEEP

      192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC

    Score
    3/10
    • Target

      $_2_/ChromeTabs.dll

    • Size

      47KB

    • MD5

      0f3328b8e46908438615756585d6bd4e

    • SHA1

      71c14a21ef51d37104d03a42721600435527a340

    • SHA256

      33e208cd7ec1aebaf1930788d536a25cb648e9871479b2cff2479f67ff3e21cf

    • SHA512

      6461332c8fb7ac403853898557a64299f66cf16d5f7e504714ce8e8071111254387492f23a1f6a83474423a881c2f63dfd7cf9a114f35b0255cdadf0dc3fff16

    • SSDEEP

      768:YQIVVNn94XXAOoCYNSWMkN1dWqgkiCNXbiKbVFP4cln6u:YjVVNn94XwOB4IkN1hi2bhf4cR6u

    Score
    1/10
    • Target

      $_2_/CommandLine.dll

    • Size

      181KB

    • MD5

      412350d8cb73963992fe5a1f1a393446

    • SHA1

      d0da7b533b7a46811e343e14a07a5aabc4fa3964

    • SHA256

      c1fbb1989141f69d90c46a73d6e3bbd7895f5fc4d267a830c7d5ce0d0fb8d6b2

    • SHA512

      25b033ac931fd25394370a84aafb36441d6a6e1d3a57cc8c5b629ac0941af4efd66691aa14c69e79eba9ad4e166b6bc3fa5d1594a22e392881f50c644b2a9749

    • SSDEEP

      3072:DCDkN9tZVNN1mctQaFN2Qg61F2Ddw1dtOQ3N/9MFJbZMDBHltcHGO7eY+KJEZgoy:DCDkN9tZVNN/QQYm1F2Ddw1dwQ3l9DaD

    Score
    1/10
    • Target

      $_2_/CommonServiceLocator.dll

    • Size

      9KB

    • MD5

      181fa402215022dd2e5a19d89db1392d

    • SHA1

      90dd2343c497389798cc0aba53863eecdd5e65d8

    • SHA256

      0901248381ecd6cb362727a7905f0ebe7b791317b4502f39a8caaaca3326a244

    • SHA512

      a442e768a477b9237cd165610e11267d7fbfe608980663c20e597276b343fa745e830104f77e8a76fe705587f5e386ccc797e9676b073ae09da77472ed6d04a8

    • SSDEEP

      192:p8jlxHkDc3Y9vGHDnq+SoG4MUzyRxHjgeMSFjgFBZWniW:ajHkDc3Y0I4MUzyxHjgelQWniW

    Score
    1/10
    • Target

      $_2_/GalaSoft.MvvmLight.Extras.dll

    • Size

      21KB

    • MD5

      810e42e2bbfb536bdc01abf882a24938

    • SHA1

      7bd37217aaf5ec27d2f993bb4212b0b8ab94d220

    • SHA256

      cb4d844434a8ffbd33531470e094524be27b88ca42b2c2197492bbe8246ea1bb

    • SHA512

      176769ef15d87373c53cc39241126bd39ce57b18af0df4d9d2cf68645868dd53090cb5ab93b8ba78303a3e6b5f3888d2150e6def57b26462df1b12fe7450f650

    • SSDEEP

      384:+/l5QKk8gdYAT5gb5DoCEJkUvuXctCRJEITSIjZ4qbhPyWAPslJ:ijQKJAW9Ehvvs+CRJxTb6qhPLAPslJ

    Score
    1/10
    • Target

      $_2_/GalaSoft.MvvmLight.Platform.dll

    • Size

      13KB

    • MD5

      5b958b4229538ac23099ce9ed6f37de4

    • SHA1

      32cd46e39c4f6334d28788d5e3afaa19d4fd1041

    • SHA256

      2a1114c99533aae7442b298336247350b55caa193c06454ea606d6a394656573

    • SHA512

      87b6a509d1cb262e6ba198819ffec3b8e03e4672b031ff918fe406307f750192a73c73dcd8140d8be5dcc8286a79e779fad59189ae7ac759cec6223e55b9b899

    • SSDEEP

      384:qKKUx+mQv787sGaP39cVT0ojR97d5tS/iPyrA3UJsgkW:HKnWG/oTZjR97dOaP+A3ksgkW

    Score
    1/10
    • Target

      $_2_/GalaSoft.MvvmLight.dll

    • Size

      29KB

    • MD5

      af04687248da9e95a7ff65ab538d0bcf

    • SHA1

      7511184300e2b6f70bc92333392386a812b2dabf

    • SHA256

      b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

    • SHA512

      a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

    • SSDEEP

      768:yQrLeg1z+o9LyepjivwvCGIzCGShkS6fF3xLAJs+d:tKExEJGB4fXLAL

    Score
    1/10
    • Target

      $_2_/HtmlAgilityPack.dll

    • Size

      123KB

    • MD5

      aa19161141e04ffb5a7429a3694fbda6

    • SHA1

      f4d2b52d1d36b6fec689339c2cbdd91481476c79

    • SHA256

      a6a114b9c355e4ecb5fe46fff880c1446398603fca80b19328c2a7853ac1c25a

    • SHA512

      3f9778f07a9683fa832bae86b2427839621a7058e0debbbc80d0bd3f4a7565a8f8a44fb4016645ed4a54a26240b124c68e7acd2c55a1590dfcefcc613086fb3e

    • SSDEEP

      3072:LXxBxpqW+cq2vmqWihssUgbWWWKYVSVjf:9Bx02yqFhagbWWPx

    Score
    1/10
    • Target

      $_2_/Newtonsoft.Json.dll

    • Size

      514KB

    • MD5

      c53737821b861d454d5248034c3c097c

    • SHA1

      6b0da75617a2269493dc1a685d7a0b07f2e48c75

    • SHA256

      575e30f98e4ea42c9e516edc8bbb29ad8b50b173a3e6b36b5ba39e133cce9406

    • SHA512

      289543f5eea472e9027030e24011bea1e49e91059241fe6eb732e78f51822313e47d1e4769fa1c9c7d6139f6a97dcfef2946836b3383e8643988bf8908162fb9

    • SSDEEP

      6144:ZeC37wbJmJ5bd4m15M+S50cK7q2UGu7WEYEaWdDBLH5WHxJ16Wi/h4aBTBFFu4JD:p37Ogr2VAHx7JijBZdPfP

    Score
    1/10
    • Target

      $_2_/Solar-PuTTY.exe

    • Size

      1.4MB

    • MD5

      fdb3f69637d1d911140e263e957e6e67

    • SHA1

      2931e1f0e8597ff27986b879a123bdd1859f2e86

    • SHA256

      bf7d94f37a5ed022199766d5159dad0204d31a0b332396f7f4e9a0ee0a1669b1

    • SHA512

      4f0f1ef5ede907b929af5f0f7d6522140d33568131632bff53260fda275a7cafcc46d252526e8647e3de2743c190734c6d10407ae19f26e112f09de876ff8adf

    • SSDEEP

      6144:5D1d6F+x/dXwTxbC33HjbolD79bZUqxaLYHEP1/vKXEQw8aQROTgEq7OdWnJTSO:kAlw1SoBfaJ/yLaQKgEq7OE

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      $_2_/Solar-PuTTY.exe.config

    • Size

      3KB

    • MD5

      dfde5677049a5c2ad672ac7b044750ad

    • SHA1

      cc382c2a292f720109486578c3b7b67bae6dd8c3

    • SHA256

      c75b9760a1fe07d4c9c27efdffdaffcd43a21097b8b566d0cbbfecf5d7256e60

    • SHA512

      854ec31ddcd86c0cff608a647303800bb8d378c7008d010913a1d92175912543e445cbe8cbd0377ec86da3880c8fa6e690fcabb65c5d36202f5d5b0d691e33b5

    Score
    3/10
    • Target

      $_2_/System.Reflection.TypeExtensions.dll

    • Size

      28KB

    • MD5

      6f9137aa51dbcb7e0a60c8e9b37078e1

    • SHA1

      4a74f579ff57aa0b7f77a936ace433412a68337b

    • SHA256

      321a1f04e0b951379be9cc9d02ed2a570261b0d631b080d78d0ff47ff42f1af2

    • SHA512

      94d4092a356c956bd73af961d03cd93a2d4101471e443fb920d7737f3caf42ac7c8732bd8fc114e38643612701ed93a7ce7db6c27ee39120d7f05caf4d960180

    • SSDEEP

      384:rsPwtH5xwTBukv4kG0WOaW3WJaW1SUA0GftpBj+m+ILKHRN7ElI66nt:4Y5vQLvUQy/iommV66

    Score
    1/10
    • Target

      $_2_/System.Windows.Interactivity.dll

    • Size

      54KB

    • MD5

      580244bc805220253a87196913eb3e5e

    • SHA1

      ce6c4c18cf638f980905b9cb6710ee1fa73bb397

    • SHA256

      93fbc59e4880afc9f136c3ac0976ada7f3faa7cacedce5c824b337cbca9d2ebf

    • SHA512

      2666b594f13ce9df2352d10a3d8836bf447eaf6a08da528b027436bb4affaad9cd5466b4337a3eaf7b41d3021016b53c5448c7a52c037708cae9501db89a73f0

    • SSDEEP

      1536:BYQaIZaEmaOQxn6JxKjtlMZAnuETAV+w4:aIhOQcSLAj4

    Score
    1/10
    • Target

      $_2_/log4net.dll

    • Size

      270KB

    • MD5

      f64b733eae44c8c66217386d5a0f2bf0

    • SHA1

      92683e4fb8d3c7a544dce21e12f24dcc8b600e9c

    • SHA256

      af5610c515d2244db98c662636264c8177e89b1afe407f88fd18a41d66f6e7e2

    • SHA512

      74aae11529ab5efdbe4c6f7232ba4c24eef570b3bbfea94657940450b34f61503c36dfc560e252f35352bb3d8f54a7a317c9e52ad0b60b9bb666b0dd4913b40f

    • SSDEEP

      6144:mT7imnjgXkU4PhLMmgCFZySx5BWd3G2aQ+kLTIMgKmDkP+2JXa+9Ed:mymnsXkU4PhLMmgCFZySx5v2aQ+kLTIm

    Score
    1/10
    • Target

      $_2_/pageant.exe

    • Size

      324KB

    • MD5

      fb66d534fa8011e46a12b8c842e3bfa1

    • SHA1

      c2f5361d351c363cffd3593a483de3a6652eeb6e

    • SHA256

      3e2a617ede5daba5a4d532f355206916881fe41925a73d18c8a2c57fc9b3f26e

    • SHA512

      99e5367fa80a7a2f7a134a24f2653ddbabfb140aa0e49c00cde73f13f209ed71c0c976185e6c94598d4b8d1b03f0271e5eb60a3e7afbd0fe712397e1ca01fe15

    • SSDEEP

      6144:A36HnNRouL5ugrmouNhA3xNdCi0g/ugS8wC45T+okMwALi:RNRlL5uKxNdCQuEg2MhLi

    Score
    1/10
    • Target

      $_2_/putty.exe

    • Size

      999KB

    • MD5

      b1bb62574146fba056208f8d8b9ea5fd

    • SHA1

      b0b61bc4017f2133a5eb37eef333f24ec056b125

    • SHA256

      0f7b2f3003c37339676681d8026e124157ad453de9532ac795d0950447233f4c

    • SHA512

      ba26cf1089033647a3e5cdaa635aab22b3da535bc72bf61840c7b71275ac147c9ab6274e232ca1ab5045fc9646eaeed050a1cd40ac10be8c6bf24d5759ce97d3

    • SSDEEP

      24576:/dcL2kuyBrAyPOkES5l3fzyVAIldBD+xNdC3rAYmkHDi:/dk2kTBrAyP9ES5lLwdBDDRm

    Score
    1/10
    • Target

      $_2_/puttygen.exe

    • Size

      358KB

    • MD5

      2acb551d1d563623d7bee07fa91aa8a1

    • SHA1

      689439ca5d385c1dc7416b1ef9d25111b3d361bc

    • SHA256

      9de3b5104bfb30e00bbf9f375a9fbd18878112ccb7c0ab8b611cfc8b47e444d2

    • SHA512

      10556728553af99996d14a075b005c1bb15f9e24b0a57c713fb5978ce3febcf90e4f07054dedec5ad20738e05d77be6cf23c35d36c3540c47b3b9b0bc14b277c

    • SSDEEP

      6144:iwev53F5ohoAPGjLixCcsDMWYZxNdCi4S/uhQw+1wZKbxTF6:iwk3Eh5GbYZxNdCauaN6

    Score
    1/10
    • Target

      $_2_/solar-putty.json

    • Size

      485B

    • MD5

      1c33621eb4e751ad9d9067473e7d3da5

    • SHA1

      4ffba4d4dbbde498e4f59f93cb2f4200cc80f40f

    • SHA256

      6f935e3c67853d8fd8ae42b32401aa2fe1e7a5a62d2952de3bf7bf1d7a54593b

    • SHA512

      d3d1ae545840ad4602dfd9ec99346a76a5ad5c200768868ec6c324f9f1c2d38c61251520b8221e50828277706d240c673d62dd57e26f41a8e54f2fa0a4a5a24c

    Score
    3/10
    • Target

      Solarwinds-SAM-Installer.Eval.exe

    • Size

      155.1MB

    • MD5

      65576f893d075045c9f46bcd2adac6a8

    • SHA1

      86a704f9f73be363b29eca51493c08472f2430bb

    • SHA256

      c7fbea93a8600fa86e58b413af91f50b1af117472954afc8acbda4e294b6dcd8

    • SHA512

      80fa65600d7e4bd866550560012b0c0dc4364041d6fd11366691177f59da754827a7069a48264d18982e657e64e55d80db98f2491868fe7521f2798c57642555

    • SSDEEP

      3145728:5JuVGwNkoyMOvR45jRaAIcct0jFu7ij4YGWrn6Zg:5JwkB55KjRa1cctmj4YGWD6Zg

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.
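Added example, not part of the sandbox report or of any SolarWinds tooling: a Python script that checks the members of a local copy of an archive against per-file expected digests in the same shape the report lists them (md5, sha1, sha256, sha512). Only SHA256 decides the verdict; MD5 and SHA1 are kept because threat-intel feeds still key on them, but both are collision-prone and must not be treated as proof of integrity. SSDEEP is omitted because it needs the separate ssdeep library. The member names, contents and digests in SAMPLE_EXPECTED and build_sample_bundle are constructed for illustration (the digests are the well-known values for the inputs "abc" and the empty string); for the real bundle, substitute the member names and SHA256 values from the Targets list above and pass the downloaded zip's bytes.

```python
import hashlib
import io
import zipfile

# Constructed expectations in the report's per-target shape. Names and
# digests are illustrative, not the report's real members or hashes.
SAMPLE_EXPECTED = {
    "inner.zip": {                       # content "abc"
        "md5": "900150983cd24fb0d6963f7d28e17f72",
        "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
        "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
    },
    "installer.exe": {                   # empty file
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    },
    "tampered.exe": {                    # report says empty, archive holds other bytes
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    },
    "config.json": {                     # listed in the report, absent from the archive
        "sha256": "0" * 64,
    },
}


def hash_bytes(data: bytes) -> dict:
    """Compute the fixed-size digests the report lists for one member."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def verify_bundle(zip_bytes: bytes, expected: dict) -> dict:
    """Return {member: status}, status in match / mismatch / missing / unexpected.

    The verdict is based on SHA256 alone. A member present in the archive but
    absent from the report is reported as 'unexpected' so that an added
    dropper cannot hide behind an otherwise matching set of files.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = {n: zf.read(n) for n in zf.namelist() if not n.endswith("/")}

    result = {}
    for name, want in expected.items():
        if name not in members:
            result[name] = "missing"
            continue
        got = hash_bytes(members[name])
        result[name] = "match" if got["sha256"] == want["sha256"].lower() else "mismatch"
    for name in members:
        if name not in expected:
            result[name] = "unexpected"
    return result


def build_sample_bundle() -> bytes:
    """Constructed in-memory zip standing in for a downloaded bundle."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("inner.zip", b"abc")
        zf.writestr("installer.exe", b"")
        zf.writestr("tampered.exe", b"xyz")          # differs from what the report expects
        zf.writestr("extra.dll", b"not in the report")
    return buf.getvalue()


if __name__ == "__main__":
    for member, status in sorted(verify_bundle(build_sample_bundle(), SAMPLE_EXPECTED).items()):
        print(f"{status:<10} {member}")
```

For a real check, read the downloaded archive with `open(path, "rb").read()` and build `expected` from the Targets list; any status other than `match` means the local copy is not the file the sandbox analysed and the report's verdicts do not apply to it.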

MITRE ATT&CK Enterprise v15

Tasks