General

  • Target

    solara.zip

  • Size

    52KB

  • Sample

    241026-pt5ymavgqr

  • MD5

    1823bb15a118fdfc07356919b322223a

  • SHA1

    a341969ee2c7ec69905de1c92eda0a5a010ec14e

  • SHA256

    e2b08d94c2307ba0e56ffc8b4146e8fab0310770cff4cda5931c3342a591fdb3

  • SHA512

    66f10c9cf79a6ac187b9ab2294679e83eb7e326bf2cbccbaa1b13f3ee49022f6e85bfa719a695758929ea955e430dca2bd1f1ffa6a2e36feab9cb1c589e86b0d

  • SSDEEP

    768:IFUYgOXwuCxGv+rrtE4J2brbtzLDUt/ttz9BI2/i6c/fho5IWLLe/WYLIvefDbBv:WqOOQ+rZhc+TiL6c/fkLWf/peo

Malware Config

Targets

    • Target

      Solara.exe

    • Size

      61KB

    • MD5

      c4b8324b5144e4c5aaf54fd2edf7ff35

    • SHA1

      a5ea5afe5c05408a7f9f3a06ab318048194f978e

    • SHA256

      e854a9a2a3055687b6b404c41a548e56747d58318725db61618852ecea0a1e6c

    • SHA512

      06244aee8ac78ca77f0185490054e5b19cbb0e50cb093e0cfcb940440d69d57951b5f981a1042aa8ea81e9dc48f8b8c71b58cd5441fbcb37a68ee8fc932528cd

    • SSDEEP

      768:tKsMqCXfVcWlzM9ZkiANIUsLYLDwUzc80gmq3oP/oD7:tKse1M9ZkiAPPr/0O8/oP

    • Nitro

      A ransomware that demands Discord Nitro gift codes to decrypt files.

    • Nitro family

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry

    • Target

      inject.dll

    • Size

      900KB

    • MD5

      006e35f7b9f1645a870c3e8f75032ba5

    • SHA1

      d831bdb41c5eb56548179fe228adb3c28fbcea9d

    • SHA256

      d5e6e7dede5dc4fe884996aaa68cf0952fa147d5d13bafac6c2acc6a0be15547

    • SHA512

      e6543e5477399207e67c3648c85877035a1db1ac840bdd6d51185d83bf1e87cf170e7a4ddcc3335a7954cbe52cec5c7a977986281c3c5d90a43cefbef9edd608

    • SSDEEP

      768:ZLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLW:0

    • Score

      1/10

    • Target

      main.dll

    • Size

      2.1MB

    • MD5

      863db3705db87d604f24309109af4306

    • SHA1

      419bc6e8057fe6ee100d7a79b88d0f82005babb5

    • SHA256

      95707249a72f0d3e4f5bd34b7b45fbc9c21ec12b35a3cb581231cdda6ea977fd

    • SHA512

      5c543de0adc0d842ed2bf8e52d4e4a1e310f2739f9eed82a4b87c3f6016e5855ad13384d8c1f81dfbe4d21f158951956ab762c21d2b675ba0ea47375649aa066

    • SSDEEP

      768:ZLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLx:/

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks