General

  • Target

    SolaraBootsrapper.exe

  • Size

    21.8MB

  • Sample

    241130-x9jz4aspbx

  • MD5

    40f347ccffb84f8fe97201dc63f18cbc

  • SHA1

    24d9353377a27d3b03ccc09c1ee595979d4667d2

  • SHA256

    faa8a6c4c3649d6bca89270696b68fe6b0f20237ae5e2f0749913151779e02a3

  • SHA512

    07208d2e002eaa3496164facfe9f0f1c4f6e1b8c2e7d76754ebf2e6cb2d978b74b3a7081afa063c636788e29881e9c4973c289aa9085ce3d7015cc1ed2f89c46

  • SSDEEP

    393216:fqPnLFXlrFWo7n0jcwQ8DOETgsvfGQQ+gspj1SRkvE4qQFW16AO4M6m:yPLFXNFpicwQhEznLRydqW16A6

Malware Config

Targets

    • Target

      SolaraBootsrapper.exe

    • Size

      21.8MB

    • MD5

      40f347ccffb84f8fe97201dc63f18cbc

    • SHA1

      24d9353377a27d3b03ccc09c1ee595979d4667d2

    • SHA256

      faa8a6c4c3649d6bca89270696b68fe6b0f20237ae5e2f0749913151779e02a3

    • SHA512

      07208d2e002eaa3496164facfe9f0f1c4f6e1b8c2e7d76754ebf2e6cb2d978b74b3a7081afa063c636788e29881e9c4973c289aa9085ce3d7015cc1ed2f89c46

    • SSDEEP

      393216:fqPnLFXlrFWo7n0jcwQ8DOETgsvfGQQ+gspj1SRkvE4qQFW16AO4M6m:yPLFXNFpicwQhEznLRydqW16A6

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks