Resubmissions

  Date               Sample              Score
  09/11/2024, 21:32  241109-1d3zwavrbn   7

General

  • Target

    SolaraB V1.22.rar

  • Size

    2.0MB

  • Sample

    241109-1d3zwavrbn

  • MD5

    d7f7cd2d7fc3e57dd55cdf96dbc8c94d

  • SHA1

    7ded651a348aa8ddfe5b041d51c037221cfac600

  • SHA256

    0007c2eb07e667bef93cb4b7b11b0c9aa7650b9ce0611865d59c5a8676fce542

  • SHA512

    625c4dc4544ed375cd74feaafa19b72c876be2153584071ac6a93febdb9889b0c76b520da264c1c227a985e17a0b9273c2c02236069f816d602dc259dc0978dc

  • SSDEEP

    49152:hulfulX0Vt/bNZVaSKPuHi/uk0tlYYt+hEIy62ddps:ZqJbrT4uVPTe2dLs

Score
7/10

Malware Config

Targets

    • Target

      BootstrapperV1.22.exe

    • Size

      800KB

    • MD5

      2a4dcf20b82896be94eb538260c5fb93

    • SHA1

      21f232c2fd8132f8677e53258562ad98b455e679

    • SHA256

      ebbcb489171abfcfce56554dbaeacd22a15838391cbc7c756db02995129def5a

    • SHA512

      4f1164b2312fb94b7030d6eb6aa9f3502912ffa33505f156443570fc964bfd3bb21ded3cf84092054e07346d2dce83a0907ba33f4ba39ad3fe7a78e836efe288

    • SSDEEP

      12288:t0zVvgDNMoWjTmFzAzBocaKjyWtiR1pptHxQ0z:O5vgHWjTwAlocaKjyyItHDz

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      workspace/MrJack/Saved Scripts/Extra.txt

    • Size

      48KB

    • MD5

      a1a788965a0976af67e3d7500aac8c26

    • SHA1

      e2f59057d46e819def76c075925ef8abea4f76cb

    • SHA256

      6a5ac881b42656e022f6bf14a397cb0cbe655883590e2333dbc5e8287c129cb7

    • SHA512

      50eb17008518ed6ff84902cc347e8d606f229d98efceea1aae3f085cee80f29fe2336f0011ee1271eab6fdf4afc6ed33b3d1c6255779e7b2b2040a52ef59384c

    • SSDEEP

      768:gov/8rzUWKbrNDha43uek3YxfL30XW+ubiVxhZ+sF/KlO:3wkXND73FSLbEO

    Score
    3/10
    • Target

      workspace/MrJack/Saved Scripts/Variables.txt

    • Size

      8KB

    • MD5

      f53842e1112859da4caa18596c86f770

    • SHA1

      bf6f30e95aaa4b840bd95c1d2adbd684148ad98b

    • SHA256

      4fd800e7b66fa0a24874078303c473095d809a05f99e181b23362bae6a92a8dc

    • SHA512

      c9a459a11fef1252deab4c83860caab7160587878269f570d09d072d8a074d5dc0712f0f5358aafc68a11b76e54d5ccbe69b12b10087b7f4aa3c1637392ba315

    • SSDEEP

      96:3m7+J9OeWPp7GEUgjCYRgVCtODHGegZMVTkwCJEYmVUHrFAb9BwTVVv2ZCx98pjB:HJY7CgjCYuVCtsH3gM48EYIQd

    Score
    3/10
    • Target

      workspace/Sirius/Assets/startup.wav

    • Size

      2KB

    • MD5

      76abec15c05d3648314753229c3711ec

    • SHA1

      ff5aeea2f61ba8333120d918ab0789488dd6d3f9

    • SHA256

      fc035c892d7d627438d28387d22ac26f3e3ebb4933a935f3ebec506bee9a3c18

    • SHA512

      85a5a8bd02fc294f6bb4a0118be3c90f5d0d74e461e199ef3afb1aca9462015c2fb0c073f330514a298848c59d2fd7a83c8eac49c664790481ddfb4b30e266bd

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks