General
-
Target
SolaraV2.exe
-
Size
17.7MB
-
Sample
241114-vhfr9a1jht
-
MD5
260b6ec6ffbc775e27d9dc168f2c904e
-
SHA1
21d618b1704ec72e7c59a7796176aa6db1f6ca18
-
SHA256
988023b9ee83128ca6b4d5417992e1f4325759040bf98947726351b5a82fcf3a
-
SHA512
b4359aaf7dd30b9855cc20f647d00a7f3a2f74106af1defc916221c2947d05c3ce0a023f6f3c8b8dea668c0d6936212bc1b0989d63aa1233f7b1b93fbb7351bf
-
SSDEEP
393216:w+cKNkHwDKDHkO+2M8gCLrUgJZFwIHziK1piXLGVE4Ue0VJ5:HNkAKDEb2HJIgVDiXHi0L5
Behavioral task
behavioral1
Sample
SolaraV2.exe
Resource
win11-20241007-en
Behavioral task
behavioral2
Sample
�����e.pyc
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
SolaraV2.exe
-
Size
17.7MB
-
MD5
260b6ec6ffbc775e27d9dc168f2c904e
-
SHA1
21d618b1704ec72e7c59a7796176aa6db1f6ca18
-
SHA256
988023b9ee83128ca6b4d5417992e1f4325759040bf98947726351b5a82fcf3a
-
SHA512
b4359aaf7dd30b9855cc20f647d00a7f3a2f74106af1defc916221c2947d05c3ce0a023f6f3c8b8dea668c0d6936212bc1b0989d63aa1233f7b1b93fbb7351bf
-
SSDEEP
393216:w+cKNkHwDKDHkO+2M8gCLrUgJZFwIHziK1piXLGVE4Ue0VJ5:HNkAKDEb2HJIgVDiXHi0L5
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
�����e.pyc
-
Size
1KB
-
MD5
fbd088ef2c0d513d89619c64a3ca1685
-
SHA1
53659778e5b839f21420aed2b4eee61e0d0d2bc6
-
SHA256
d5b131d2080106d7020c070b3f0fd7a558d529a203ae3b4d55038c53acccd7d2
-
SHA512
fb1560fe6abe6350dadd68ca5c210b79006f37d96cdc1cd3f76ea34d08cad46d99aebad43565c2e61a9c5d8ccb4bafe2a3ede33fb452fad34f8165f48eb537f0
Score1/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3