General
-
Target
main.zip
-
Size
1.0MB
-
Sample
241208-zjct7synen
-
MD5
3e1cd5da0520bc3ff5f42216139e0475
-
SHA1
8e97f4f13cfaee55d4a68a617434f38a1ca50551
-
SHA256
85a4fb3e5a14a6d204207accee7e8222ffa0c3139d85c5cc87b2649ef6a38eef
-
SHA512
50759f6e658219793be229aa00e55da6be8711b83411374a4d87d54495cf1c98d209db7106e5b347350c763182096baba85ff69ad74eddf3cb3cd9df346e901e
-
SSDEEP
24576:IztdwShks2CxM0jQRsfzK9DoI+zdseB2GSZYfV+6y6AODJag0yG:GwgkLCaRQoDoIoLB2GSZ6V+6f3E
Behavioral task
behavioral1
Sample
SolaraBootStrapper-main/Bootstrapper.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
SolaraBootStrapper-main/Bootstrapper.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
SolaraBootStrapper-main/SolaraBootstrapper.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
SolaraBootStrapper-main/SolaraBootstrapper.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xred
xred.mooo.com
-
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
http://xred.site50.net/syn/SUpdate.ini
https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
http://xred.site50.net/syn/Synaptics.rar
https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
http://xred.site50.net/syn/SSLLibrary.dll
Targets
-
-
Target
SolaraBootStrapper-main/Bootstrapper.exe
-
Size
1.5MB
-
MD5
d4a03084464e8fc23beea44ad84d065f
-
SHA1
9db22b5630e09a42898ef2da5df0a745886bc912
-
SHA256
5154019f133eb1d0673898bd2751222c5c540f0575b40e22ae24be1e5dd03d6b
-
SHA512
ee9e0d4c32443e4bed9da30d07812270c96b2e54a8c1e1bfffbcf746617c9366dcc87ec9004da3d6d5fac94a864ccdf890d4b6e65d74610a46f24c6b8d6d0caf
-
SSDEEP
24576:ynsJ39LyjbJkQFMhmC+6GD9O+ubYHYqRoAQpjFVG0HXqlF4u4:ynsHyjtk2MYC5GDauoAQpjGPl4
Score10/10-
Xred family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
SolaraBootStrapper-main/SolaraBootstrapper.exe
-
Size
766KB
-
MD5
d994d58e87f0deda637e325d0a54a347
-
SHA1
8b72ea95b3569ba1ca12cb7ead4edd6e5694614d
-
SHA256
6607cc8e27767479f97d55d7f4e8073589836bd5bf832ae951f3b565ab0541e3
-
SHA512
cc9959f52a5c55644b85a24d203137ad43408014ea63bf453bd2b36b7a1ad9f937f5e2cae45f6c6a5c732a5928d9edf14f00e768a5584e43ca1c70c7cef94ca9
-
SSDEEP
12288:GMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9i8Oj:GnsJ39LyjbJkQFMhmC+6GD9i
Score10/10-
Xred family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-