11a49e73950aa79c817fed5d9697a1dd54ec0a2a49d6912e242723d9362e93b1

Sharing

Copy URL

Twitter E-mail

General

Target

Solara.Dir.zip
Size

8.1MB
Sample

241119-lt5fbavbmp
MD5

3e43dcff99c57b4cb9d97e24e25db99d
SHA1

5faf0c31e64e5e4f12dbef19b691afe34ca3db91
SHA256

11a49e73950aa79c817fed5d9697a1dd54ec0a2a49d6912e242723d9362e93b1
SHA512

ffa859d0614a77fd2d77091e2454b1ede57b9754ac49e6dabde10274db089c51ccd9e6106258c6a462ed5250450c0cf0ba858f4466c7a559364018a949e2a901
SSDEEP

196608:ejClNpI6dq3CGRJaeDL6wNvTdspttcLcTBk1F/2:LIIq3CuMeD2yT+Ttyb2

Score

9^/10

Malware Config

Targets

- Target
  
  Solara.Dir.zip
- Size
  
  8.1MB
- MD5
  
  3e43dcff99c57b4cb9d97e24e25db99d
- SHA1
  
  5faf0c31e64e5e4f12dbef19b691afe34ca3db91
- SHA256
  
  11a49e73950aa79c817fed5d9697a1dd54ec0a2a49d6912e242723d9362e93b1
- SHA512
  
  ffa859d0614a77fd2d77091e2454b1ede57b9754ac49e6dabde10274db089c51ccd9e6106258c6a462ed5250450c0cf0ba858f4466c7a559364018a949e2a901
- SSDEEP
  
  196608:ejClNpI6dq3CGRJaeDL6wNvTdspttcLcTBk1F/2:LIIq3CuMeD2yT+Ttyb2
Score

7^/10
- Executes dropped EXE
behavioral1
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/accepts/package.json
- Size
  
  1KB
- MD5
  
  32a15d6909fcae63e52d8664593d32d5
- SHA1
  
  131ba4d63747e6663a9c19409e43ac034bd532cf
- SHA256
  
  e5716d5d939db08c5c28ec6ae86ed67be5320f91089e2673fca1c5b876e57aa3
- SHA512
  
  6f0e9fe3d034640b8b2f902a5e336b39d818cec504a9c52767f5f08d71bb1903b182771625c110f768a8cc540b071a54afb7810270a09f4edfe5e35dba22fe37
Score

3^/10
behavioral2
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/array-flatten/package.json
- Size
  
  879B
- MD5
  
  cb1aa7f817100a03395dd0163bf6ebe9
- SHA1
  
  fc51b89d0fb7cc640a0495baa4005364e83718c3
- SHA256
  
  5c5e0e10cfa23f163d1fe68aa57a881d09cac39d720e1361c697b86c4d33e0f5
- SHA512
  
  81ffee7b54b11b42aaeeaf1b6fb13ac64e8900e94ffd249fe075c183c3adf8e8451529d82f6a13216c73e5d1a1f57d703d9fcf1e61674020d93b15066d37dc75
Score

3^/10
behavioral3
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/body-parser/package.json
- Size
  
  1KB
- MD5
  
  826bd4315438573ba1a6d88ae2a2aa65
- SHA1
  
  3e27986a947e7d10488739c9afb75f96b646c4c5
- SHA256
  
  0fd31ad69fdcf1e2a94530f9db9c93e96709b690393a14711643123f678ee956
- SHA512
  
  2e98ba8e57cb0950e45d20365d16e86ad94a60cfd4cf103b7d55dae02de677985d37c0f771e16ae0a628cb3b59adce8a9e1742cffc298f18cb7d935d72536e6d
Score

3^/10
behavioral4
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/bytes/package.json
- Size
  
  959B
- MD5
  
  5e3137feec27c5d88693e0cb2ff95d3c
- SHA1
  
  d8fe3e70eb4ecf4bf58385e4b27f89b7ce656a28
- SHA256
  
  99b21c09ce812dc76a06cd87c4753247cb9615c6a8501c5a5a9d9caa22ea2d12
- SHA512
  
  4b4d89317e1a1caae6924f234b75e15bd2f8bd026d316152e6cf3ffac53553bea2995076a8a365f26a96730f36170d115ac35aae6d0888f621f536d795b89a2d
Score

3^/10
behavioral5
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/call-bind/package.json
- Size
  
  2KB
- MD5
  
  7327c5e04c116460b3c73ee92292269a
- SHA1
  
  106489d54a0669a5271c89f87f2072cfb8e66c4f
- SHA256
  
  e8fc7600526cc041bfcd3a562e6cfdb53952a7f7fb4fcc899949e4c51c586155
- SHA512
  
  93f2327154e59b1f6fa2f55659fd5a8bae1da6cb4dc2ea5ef736ed6abbcbb2840286be9346bea22a3dd52371ac842870bd388dcc1e5b673696bc0cad868422d8
Score

3^/10
behavioral6
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/content-disposition/package.json
- Size
  
  1KB
- MD5
  
  5b285d4db057e7e72225e8e928d2ffa3
- SHA1
  
  1b871ffaefe2a1fd69aa9b1538b4003bf0eae9ab
- SHA256
  
  2459c0e8fbeb5716ab06e9ef73747bba46ed2bc52e310bd4e9f0ef1f102da61f
- SHA512
  
  dfe71ab6bcf40f32a26273a94f11439cbe3066bc3216061ee6ea9737d57b1cabf03a0e45b2fc50c4d0097a27e09197c7fd2b60090a91876671d2c709f31a29a4
Score

3^/10
behavioral7
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/content-type/package.json
- Size
  
  1KB
- MD5
  
  0de0482c40698c075e13e4d54ff34466
- SHA1
  
  1545c6d8538d7e59f375d4ae4b0e0d10471a6c1c
- SHA256
  
  bd78a5427ffca1966621301edc6cac2146c8c1e137f122161ba90dca7ec89f77
- SHA512
  
  9f32408067afa748af8d23b4bbbe2657e566017435d4ead1e63b6d12f8bebb671ea82353a302340bb6f1ccd4852a3cb8ed340a3a8af9cd058bd36653b3cd4bcb
Score

3^/10
behavioral8
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/cookie-signature/package.json
- Size
  
  492B
- MD5
  
  076c53814237236a9d1aa999f33ee501
- SHA1
  
  eb071423205fc35573e714baa755e3a9e900a979
- SHA256
  
  ab66777a673ae096d6b5aa51b5edb46b84e6fcd85dc03358c35576e3df0464f5
- SHA512
  
  d5feee2e6c8af31560a3141ebe4254ce66972da9b9e3463eafcea214f49131e325136503de3f0fa76b454f63ebfdbf5d599caf558978aaca5a1656c2c7c8eec1
Score

3^/10
behavioral9
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/cookie/package.json
- Size
  
  1KB
- MD5
  
  d55aa6bd2733ca1031186952d1485f43
- SHA1
  
  dd82a1cea772234696f0489aecacfe9aa8ff943e
- SHA256
  
  e740b0e5656b2029fb858bc93b10312dff16374283a2ecd9caa90848190dff88
- SHA512
  
  e4324126170c2a6d4e01f7bd8774a26babc5abff86692f283bf691e2b435f6b6f2823179e080aabde20d368bb26707a726d54c8d64e7838e215cef074c499598
Score

3^/10
behavioral10
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/debug/package.json
- Size
  
  1KB
- MD5
  
  71a7656944ffe50cc27ebe02491ae49b
- SHA1
  
  8ebf0f80660d982fc68f00f82855696157e74b10
- SHA256
  
  6c3d2c892db282317913ce7c340dd2edccd326bcafd18b644b8738144967d6ee
- SHA512
  
  5b0010b41304e212a22d2c89eff65ce410b000c71c4ab8c7fdba8f549ba0629fe27f37c142058b041fb889bc73e00959ad58f673866ee7d29724687da3c3f320
Score

3^/10
behavioral11
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/define-data-property/package.json
- Size
  
  2KB
- MD5
  
  05b9ba4536b59b74c4b3c95327787004
- SHA1
  
  c9384aa894159ee96e107cdd3002915849fc91fc
- SHA256
  
  bde7f1465b344a24da2b10d2ee99f87edf8e0ecd177c28370b60ad9595de730e
- SHA512
  
  4b81bbd31fd5ddce528fb0ebcefbbda77891f124f7fab9019c5ff1bddddafbb679b5e3d131a94c02b495e47327985fa5ecc613f7a2a109e58f5994b358fc3b0e
Score

3^/10
behavioral12
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/depd/package.json
- Size
  
  1KB
- MD5
  
  7f0a9d228c79f0ee4b89fc6117f1c687
- SHA1
  
  3c10082c1464a6f589aa10cda88285e780ebf857
- SHA256
  
  5a3659bcc2e47b25ebf9f23f38eb9452a58920bfe4b59410bfa6fe84639a3b99
- SHA512
  
  7bdd7259bcb8d79aa41777f03d3a3f8a29b60c2d25104072edba9febeb813e12ef78d31573637702decddbaa97d8fec263bc413bd27dd660ded17d644458cbc2
Score

3^/10
behavioral13
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/destroy/package.json
- Size
  
  1KB
- MD5
  
  6015f23c6e2fd79f4a6e29453ce4dc1d
- SHA1
  
  e12115ed9a1e2c56eb35ecfc14ff83b8c02935d5
- SHA256
  
  f865b50652dc062f43142e01f55db2760cc10d255bd05afd232e738999c58188
- SHA512
  
  1a09253a53e4067abb67e51d3efc6483da2984581bb1583805da63a602b525e9b5055b78eedd42e823bda8fcbcd92a69b1d89f72de5e3d867524476c05552ea2
Score

3^/10
behavioral14
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/ee-first/package.json
- Size
  
  859B
- MD5
  
  3ed21090e07ef5dd57729a77c4291cb9
- SHA1
  
  7ffe61f87f94a558fabc177cad5c9b90b16481cf
- SHA256
  
  a4eece6ff6b38bf7ac107323f381cc60500097a9cbdd473f5d5b45e68822cb89
- SHA512
  
  54de61c6ab428104f9a559ecd3df7868ab7f1b5c8b85a3f658c8dab13d435bd0766c6b48178a1d5bd083b0829f6461158e303538c7d08761b201b17f7c9940b3
Score

3^/10
behavioral15
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/encodeurl/package.json
- Size
  
  1KB
- MD5
  
  453a9bb10c91e0ec44f305b14e30ce82
- SHA1
  
  73c01b81f34a9978b158df2744ef8c45251d6193
- SHA256
  
  30b1a43843675f42033fd6c77c19b20ad4344844f0bd5526c586081e93a48fe8
- SHA512
  
  d81ee5f2394493a5f93918ecae6581f82ee529fbbd257e0dc10ea68f09c39d0d19e3a6b0e9560eb1250d88a9b1f591d6469f28404410b16b580cbe179e37da0f
Score

3^/10
behavioral16
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/es-define-property/package.json
- Size
  
  2KB
- MD5
  
  c4725fba887a7ff0ac3858d435a1b240
- SHA1
  
  c507e0b1cf2597b64a19af048a41dc1b02fd7fb9
- SHA256
  
  987919fe29ff5debd1274b79e456265a64827269ad681313e845c8e646217ebc
- SHA512
  
  531e6b03ffe25c6acf0c6dd453d4c3756a17498018f1b493acfd8d4253f00cf71052c4bddeba158bf927afed286621c3e06c25121a27dc84e0eca37630103d74
Score

3^/10
behavioral17
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/es-errors/package.json
- Size
  
  2KB
- MD5
  
  7e6b784827a0aff2a05c343f8a53e88d
- SHA1
  
  d13bcb37ab6ab7f0911ce728148cb1c8485a81d1
- SHA256
  
  1a0a0bcccc76b915cb64073317312840cf6363e9144b96f406d0059774dd5278
- SHA512
  
  ba218ca690ca74f2e4feca55f95ae3f1f792b4a067c3133b035265de2e39ca39a8fdfc7fc18a898ff8ca0a5e2a791121d10708ed564496502da824a6167292c7
Score

3^/10
behavioral18
- Target
  
  Solara.Dir/Monaco/fileaccess/node_modules/escape-html/package.json
- Size
  
  434B
- MD5
  
  e9c758769fec9883d5ce3d30b8ee1047
- SHA1
  
  f9d3fd64a0196e77965489ce9b81fe4ce3a9ecb1
- SHA256
  
  bd320a3e9d23249f5f7d3ce72f2fa426e28a6b2704bd2b281d0c92806a1f5223
- SHA512
  
  e54bbb849368a53c620b65d0e4a847869dea8fbb767f3559315d9e031c11f23df4ac9d746b7883caf3f693c748e1b9c90f8789519891ed179399341cd49dcae2
Score

3^/10
behavioral19
- Target
  
  Solara.Dir/Monaco/index.html
- Size
  
  20KB
- MD5
  
  7ed00e10ff463cc9afd05d41fc77ac06
- SHA1
  
  66e162bdbf6df1e1d5b994b8db39fa67ab080783
- SHA256
  
  808f2c68960e6e521975c8c8efaa90a4053cfb207c4042687ea7afdd091543ee
- SHA512
  
  4b598cc17654a866c758c33982e776e522f0177f3c987908a18f62385b393338582efbca149817df7cea66eb8cfaa11d566ebfcb59c88d22156f0f1f4d224285
- SSDEEP
  
  384:FihTARA5LmClk2P5VvW4NGthbVBJjEBh+BILnoamLR7:FihTnlf+lthbVBJegyboamLR7
Score

7^/10

discovery phishing
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Legitimate hosting services abused for malware hosting/C2
behavioral20
- Target
  
  Solara.Dir/Monaco/vs/basic-languages/lua/lua.js
- Size
  
  5KB
- MD5
  
  8706d861294e09a1f2f7e63d19e5fcb7
- SHA1
  
  fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23
- SHA256
  
  fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42
- SHA512
  
  1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f
- SSDEEP
  
  96:SD3yDUfRD5dyVdO29SvE/TMCL8CvcOAtOfxSVkxMZlMfE:nD4Ldyn7Ss/TMmUtOfxhxjE
Score

3^/10

execution
behavioral21
- Target
  
  Solara.Dir/Monaco/vs/editor/editor.main.js
- Size
  
  2.0MB
- MD5
  
  9399a8eaa741d04b0ae6566a5ebb8106
- SHA1
  
  5646a9d35b773d784ad914417ed861c5cba45e31
- SHA256
  
  93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18
- SHA512
  
  d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8
- SSDEEP
  
  24576:SmmBNDw4gCXJkB4nIg2IxhbaeZYIMsNjvit4f:wDw4gCXJk62+aeKIMsNjvit4f
Score

3^/10

execution
behavioral22
- Target
  
  Solara.Dir/Monaco/vs/editor/editor.main.nls.js
- Size
  
  31KB
- MD5
  
  74dd2381ddbb5af80ce28aefed3068fc
- SHA1
  
  0996dc91842ab20387e08a46f3807a3f77958902
- SHA256
  
  fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48
- SHA512
  
  8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e
- SSDEEP
  
  384:h03CdtOurX25WyV1Vdf40CJjocZC6F7PKUvRjAaswHq9x3H6Sg4NFVlQlUDZpLjb:23mmysb1zVes3pxCSgwgwjhb
Score

3^/10

execution
behavioral23
- Target
  
  Solara.Dir/Monaco/vs/loader.js
- Size
  
  27KB
- MD5
  
  8a3086f6c6298f986bda09080dd003b1
- SHA1
  
  8c7d41c586bfa015fb5cc50a2fdc547711b57c3c
- SHA256
  
  0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9
- SHA512
  
  9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017
- SSDEEP
  
  768:3J6C/c2x0cAu57XQxJRDRi+R/TvrCv3zM2GRl0VEj:Z6grH7qTXRvmDI
Score

3^/10

execution
behavioral24
- Target
  
  Solara.Dir/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  195ffb7167db3219b217c4fd439eedd6
- SHA1
  
  1e76e6099570ede620b76ed47cf8d03a936d49f8
- SHA256
  
  e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
- SHA512
  
  56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
- SSDEEP
  
  12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score

1^/10
behavioral25
- Target
  
  Solara.Dir/WebView2Loader.dll
- Size
  
  133KB
- MD5
  
  a0bd0d1a66e7c7f1d97aedecdafb933f
- SHA1
  
  dd109ac34beb8289030e4ec0a026297b793f64a3
- SHA256
  
  79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
- SHA512
  
  2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50
- SSDEEP
  
  3072:e5i6Uab3sFhPk6vEmG1PU6dLXm2ng3esQDqEt2JljdTu:e5P2e6vERtUyTmHEtmI
Score

1^/10
behavioral26
- Target
  
  Solara.Dir/Wpf.Ui.dll
- Size
  
  5.2MB
- MD5
  
  aead90ab96e2853f59be27c4ec1e4853
- SHA1
  
  43cdedde26488d3209e17efff9a51e1f944eb35f
- SHA256
  
  46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
- SHA512
  
  f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d
- SSDEEP
  
  98304:Com1p/B6MvSmaRI+VcDNkq4pmvhAHDfyyrhl:W1HZNkq4p
Score

1^/10
behavioral27
- Target
  
  Solara.Dir/cd57e4c171d6e8f5ea8b8f824a6a7316.dll
- Size
  
  4.4MB
- MD5
  
  d2707360ae563a7a10e27beba85a6cd9
- SHA1
  
  686e830b839fc63a65fdebe78aa90edd687e9257
- SHA256
  
  f69022372a947acb86bae76f312ab518c1eb5df954339a46c4be71b4a8f73557
- SHA512
  
  e9f2a99869936f64e427ad081059e35283bd40f2b0d85bffc23d4ce35277778d8bfe98057e077e62955b0299c3182d173cb91a3d96a3b5690e7de61d01a1e000
- SSDEEP
  
  98304:o6jcR4jpGQnM5pSVjCc3fB2EDLqtuc5duUqOOlkc:oVR4jp98pgh52EDOtuOqOOGc
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral28
- Target
  
  Solara.Dir/cd57e4c171d6e8f5ea8b8f824a6a7316.exe
- Size
  
  90KB
- MD5
  
  d84e7f79f4f0d7074802d2d6e6f3579e
- SHA1
  
  494937256229ef022ff05855c3d410ac3e7df721
- SHA256
  
  dcfc2b4fa3185df415855ec54395d9c36612f68100d046d8c69659da01f7d227
- SHA512
  
  ed7b0ac098c8184b611b83158eaa86619001e74dba079d398b34ac694ce404ba133c2baf43051840132d6a3a089a375550072543b9fab2549d57320d13502260
- SSDEEP
  
  1536:gea4Ta4b9I3BbbHVlnOXrPBdfeISRAOl801AbcsqD95wSxdRf3:gea4Ta4JMbb1lnOXrPXe7Yhq5Zf
Score

9^/10

discovery evasion phishing themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral29
- Target
  
  Solara.Dir/libcurl.dll
- Size
  
  522KB
- MD5
  
  e31f5136d91bad0fcbce053aac798a30
- SHA1
  
  ee785d2546aec4803bcae08cdebfd5d168c42337
- SHA256
  
  ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671
- SHA512
  
  a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6
- SSDEEP
  
  12288:InAnSwPc/1BzyLmI2MB1MqcUfCKHU1XAfK6ae:I6Pc/1BOKtaeqcUaZXm
Score

1^/10
behavioral30
- Target
  
  Solara.Dir/vcruntime140.dll
- Size
  
  99KB
- MD5
  
  7a2b8cfcd543f6e4ebca43162b67d610
- SHA1
  
  c1c45a326249bf0ccd2be2fbd412f1a62fb67024
- SHA256
  
  7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f
- SHA512
  
  e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8
- SSDEEP
  
  1536:sC6b39cL/iRDhXq4GZLAy10i5XNC83tTPw98APXbxecbSQ25I4I/Cq:sVPphXq30yvXL5APbxecbSDu
Score

1^/10
behavioral31
- Target
  
  Solara.Dir/zlib1.dll
- Size
  
  113KB
- MD5
  
  75365924730b0b2c1a6ee9028ef07685
- SHA1
  
  a10687c37deb2ce5422140b541a64ac15534250f
- SHA256
  
  945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b
- SHA512
  
  c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1
- SSDEEP
  
  3072:wsuxy/bjdeT1dtDCV8SSsfj7cTpHTBfQjxcHE2Fl:wsZ/bRe5PDCV8SLfcFTBIjxyE2Fl
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

A potential corporate email address has been identified in the URL: [email protected]

Legitimate hosting services abused for malware hosting/C2

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Identifies VirtualBox via ACPI registry values (likely anti-VM)

A potential corporate email address has been identified in the URL: [email protected]

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Network Share Discovery

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32