General

  • Target

    SolaraB.zip

  • Size

    21.6MB

  • Sample

    241130-yc6y2axkcp

  • MD5

    4be20e311f4588964172e77912841d5b

  • SHA1

    1d6482ff61994aaef4acf2ae6ea093315c91420c

  • SHA256

    fbbaf0517e4f7d05d2da421feba5683f8d87614372415146f087233c7c24a23e

  • SHA512

    a26e322557bb603615d1b5ed83024cc04d87f2b780ffb01a183a7e803670ecb37e6fbfac089a6f22b16c6fb7fa61db63d6a3d8fb786ea79c021862c03f2f9984

  • SSDEEP

    393216:54JxrXtzrTSAXls/8evw8lYb0A9ywb7uwgbAzoWf4+uI+gvV+umU6:mJdXtXTXO8uwM9c7gszo7vgvVr2

Malware Config

Targets

    • Target

      SolaraB/Solara/SolaraBootsrapper.exe

    • Size

      21.8MB

    • MD5

      40f347ccffb84f8fe97201dc63f18cbc

    • SHA1

      24d9353377a27d3b03ccc09c1ee595979d4667d2

    • SHA256

      faa8a6c4c3649d6bca89270696b68fe6b0f20237ae5e2f0749913151779e02a3

    • SHA512

      07208d2e002eaa3496164facfe9f0f1c4f6e1b8c2e7d76754ebf2e6cb2d978b74b3a7081afa063c636788e29881e9c4973c289aa9085ce3d7015cc1ed2f89c46

    • SSDEEP

      393216:fqPnLFXlrFWo7n0jcwQ8DOETgsvfGQQ+gspj1SRkvE4qQFW16AO4M6m:yPLFXNFpicwQhEznLRydqW16A6

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks