Overview

overview

10

Static

static

10

SolaraV3.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SolaraV3.exe.zip

  • Size

    7.4MB

  • Sample

    241018-wqs8zssfpj

  • MD5

    d7158fcf17c72b2ed19bb7481ccff3c8

  • SHA1

    edfc92edb1f57f563cd8edee418cf79ff87baac7

  • SHA256

    fa73349776c1646d490ffb73e64317121658e457a4217b3badae434eb9dea0f5

  • SHA512

    f8fdafe147e6e14601332ae932f67d5c7157ee92abaa60aef6eae33160fd7f724227478c21d087af26b1dc3d191db9de16c71d9bb4bd4fcdf819402380fbb6cf

  • SSDEEP

    98304:5miMh85BzAAflynupPEVkPebKChG38QPOucYx1YgwtF7xH1cB8KG2GXE0fIl:xMe51Uk2bK2G3N2ucYwTP74GXEN

Score
10/10
blankgrabberdiscoveryexecutionupx

Malware Config

Targets

    • Target

      SolaraV3.exe.bin

    • Size

      7.5MB

    • MD5

      11b6557986da2fe9bb31dc3a72170d6f

    • SHA1

      c6964f84ef1aa1e09d2db5a83f44819d6294d91f

    • SHA256

      8d43c698222164b663d8bcf46eaa82947a7df712984570472eb31f81bf167c9e

    • SHA512

      127fd53fc20dc9ec732198aed661698ce15da81e46df33c2894ea1646c205d94c89d4399b2be1b642c726fb910570bd6f7fa5d749683202673514121203a3f90

    • SSDEEP

      196608:Lx8wLSurErvI9pWjg/Qc+4o673pNrabePNNrStMXWTNJe:uurEUWjZZ4dDLIeF1StYwNJe

    Score
    8/10
    discoveryexecutionupx

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks