Overview (score 7)
Static (score 3)
BootstrapperV1.22.exe, windows7-x64 (score 1)
BootstrapperV1.22.exe, windows10-2004-x64 (score 7)
workspace/...tra.js, windows7-x64 (score 3)
workspace/...tra.js, windows10-2004-x64 (score 3)
workspace/...les.js, windows7-x64 (score 3)
workspace/...les.js, windows10-2004-x64 (score 3)
workspace/...p.html, windows7-x64 (score 3)
workspace/...p.html, windows10-2004-x64 (score 3)
Resubmissions
09/11/2024, 21:32
241109-1d3zwavrbn (score 7)
General
-
Target
SolaraB V1.22.rar
-
Size
2.0MB
-
Sample
241109-1d3zwavrbn
-
MD5
d7f7cd2d7fc3e57dd55cdf96dbc8c94d
-
SHA1
7ded651a348aa8ddfe5b041d51c037221cfac600
-
SHA256
0007c2eb07e667bef93cb4b7b11b0c9aa7650b9ce0611865d59c5a8676fce542
-
SHA512
625c4dc4544ed375cd74feaafa19b72c876be2153584071ac6a93febdb9889b0c76b520da264c1c227a985e17a0b9273c2c02236069f816d602dc259dc0978dc
-
SSDEEP
49152:hulfulX0Vt/bNZVaSKPuHi/uk0tlYYt+hEIy62ddps:ZqJbrT4uVPTe2dLs
Static task
static1
Behavioral task
behavioral1
Sample
BootstrapperV1.22.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
BootstrapperV1.22.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
workspace/MrJack/Saved Scripts/Extra.js
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
workspace/MrJack/Saved Scripts/Extra.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
workspace/MrJack/Saved Scripts/Variables.js
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
workspace/MrJack/Saved Scripts/Variables.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
workspace/Sirius/Assets/startup.html
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
workspace/Sirius/Assets/startup.html
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
BootstrapperV1.22.exe
-
Size
800KB
-
MD5
2a4dcf20b82896be94eb538260c5fb93
-
SHA1
21f232c2fd8132f8677e53258562ad98b455e679
-
SHA256
ebbcb489171abfcfce56554dbaeacd22a15838391cbc7c756db02995129def5a
-
SHA512
4f1164b2312fb94b7030d6eb6aa9f3502912ffa33505f156443570fc964bfd3bb21ded3cf84092054e07346d2dce83a0907ba33f4ba39ad3fe7a78e836efe288
-
SSDEEP
12288:t0zVvgDNMoWjTmFzAzBocaKjyWtiR1pptHxQ0z:O5vgHWjTwAlocaKjyyItHDz
Score 7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
workspace/MrJack/Saved Scripts/Extra.txt
-
Size
48KB
-
MD5
a1a788965a0976af67e3d7500aac8c26
-
SHA1
e2f59057d46e819def76c075925ef8abea4f76cb
-
SHA256
6a5ac881b42656e022f6bf14a397cb0cbe655883590e2333dbc5e8287c129cb7
-
SHA512
50eb17008518ed6ff84902cc347e8d606f229d98efceea1aae3f085cee80f29fe2336f0011ee1271eab6fdf4afc6ed33b3d1c6255779e7b2b2040a52ef59384c
-
SSDEEP
768:gov/8rzUWKbrNDha43uek3YxfL30XW+ubiVxhZ+sF/KlO:3wkXND73FSLbEO
Score 3/10
-
-
Target
workspace/MrJack/Saved Scripts/Variables.txt
-
Size
8KB
-
MD5
f53842e1112859da4caa18596c86f770
-
SHA1
bf6f30e95aaa4b840bd95c1d2adbd684148ad98b
-
SHA256
4fd800e7b66fa0a24874078303c473095d809a05f99e181b23362bae6a92a8dc
-
SHA512
c9a459a11fef1252deab4c83860caab7160587878269f570d09d072d8a074d5dc0712f0f5358aafc68a11b76e54d5ccbe69b12b10087b7f4aa3c1637392ba315
-
SSDEEP
96:3m7+J9OeWPp7GEUgjCYRgVCtODHGegZMVTkwCJEYmVUHrFAb9BwTVVv2ZCx98pjB:HJY7CgjCYuVCtsH3gM48EYIQd
Score 3/10
-
-
Target
workspace/Sirius/Assets/startup.wav
-
Size
2KB
-
MD5
76abec15c05d3648314753229c3711ec
-
SHA1
ff5aeea2f61ba8333120d918ab0789488dd6d3f9
-
SHA256
fc035c892d7d627438d28387d22ac26f3e3ebb4933a935f3ebec506bee9a3c18
-
SHA512
85a5a8bd02fc294f6bb4a0118be3c90f5d0d74e461e199ef3afb1aca9462015c2fb0c073f330514a298848c59d2fd7a83c8eac49c664790481ddfb4b30e266bd
Score 3/10