Solara[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Solara.zip
Size

278KB
MD5

ae7659ddd28dd899f73954109dd9c460
SHA1

1c0495339e78d2bf4b6c8d53e4d5f42d47fc5396
SHA256

3d45be1924b7c40f60290b5f04b9c028aa5963bdeeba793adcf7f7938d095fae
SHA512

8ac46369c3cd615c8c60d020c8ef683c1a31680c6fae2f617fa81bbf5dfe5f0016bba5439dfbc25fc3aaba742f61d00140566f1a0578503ab74d2af13d22c35a
SSDEEP

6144:JndoigYkh4LwttCqLzj96Cm7ZU8Zq/xZz63fmQlbZsfPriUR22:3CVlrhzjkZdqXeuQvs3eM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bootstrapper.exe

Files

Solara.zip
.zip

Password: nigger
Bootstrapper.exe
.exe windows:4 windows x64 arch:x64

Password: nigger

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 797KB - Virtual size: 797KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
INSTRUCTIONS.txt