f9e5fe3194d9734845dd782b8e41065577ed7628a112934f1a57599f8dd92209 | Triage

Sharing

General

Target

Solaraexecutor.zip
Size

30.1MB
Sample

241209-ms4casvmfw
MD5

5b96ce8081bb025c4ad8ae12dc91e102
SHA1

8708c3a51d990a437a4fe003c1fe2bc39e2f65cb
SHA256

f9e5fe3194d9734845dd782b8e41065577ed7628a112934f1a57599f8dd92209
SHA512

39a5e646df49f5c45f24e6aa479dfb40302f939383fdad15d6e3d9de7819aac5a2ec5525fad46ead503fe94d97b11fa587aa0448051d78d37ee8f0f6fdaa146a
SSDEEP

786432:3mA77b6IpMM1QvHzoB/h4pUfbRgo0lJBrPCLaBzR8mHl0:X/b6OMM1QvM/4p8R30lju26m6

Score

8^/10

execution

Malware Config

Targets

- Target
  
  Solaraexecutor.zip
- Size
  
  30.1MB
- MD5
  
  5b96ce8081bb025c4ad8ae12dc91e102
- SHA1
  
  8708c3a51d990a437a4fe003c1fe2bc39e2f65cb
- SHA256
  
  f9e5fe3194d9734845dd782b8e41065577ed7628a112934f1a57599f8dd92209
- SHA512
  
  39a5e646df49f5c45f24e6aa479dfb40302f939383fdad15d6e3d9de7819aac5a2ec5525fad46ead503fe94d97b11fa587aa0448051d78d37ee8f0f6fdaa146a
- SSDEEP
  
  786432:3mA77b6IpMM1QvHzoB/h4pUfbRgo0lJBrPCLaBzR8mHl0:X/b6OMM1QvM/4p8R30lju26m6
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  Bootstraper.exe
- Size
  
  71.0MB
- MD5
  
  e82c016015eb049019b94fd51ecd6e49
- SHA1
  
  bc230a8342944ddb28007baa2bd29cb07b29294e
- SHA256
  
  af5852b2f7312ac76fcd4ec798b8aacf7a5338b329664d2a79a6f31619230828
- SHA512
  
  4faa37bf5cebc40469379671e6fe88344fcc9df54ac99d7ec179f04aeaa5d805d0a935b43d79747542cfc329e1f1e78d95cbe6db9235f994cc0fdfbb6e156b98
- SSDEEP
  
  393216:Hqc1qcLg6WDV34gkpyfVEHqy2I6Sug+FIOMWg6SvbMK1UO9mBX2GWjNYi1M:Kc1qcLgtDV3fq235ghiSjMKny2GWBM
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
behavioral3 behavioral4
- Target
  
  cachehandler.dll
- Size
  
  4.7MB
- MD5
  
  a7b7470c347f84365ffe1b2072b4f95c
- SHA1
  
  57a96f6fb326ba65b7f7016242132b3f9464c7a3
- SHA256
  
  af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
- SHA512
  
  83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d
- SSDEEP
  
  49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
Score

1^/10
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5