General

Target: SolaraB V3.131.rar
Size: 400KB
Sample: 241210-c9c7bswmdm
MD5: bf2419a8779a2e418368e059d7afbac2
SHA1: f2c8042e7f176016078ac6b8f396b5936cb18bef
SHA256: 1a9f40fdac5720f057a6581a18a08ca815b525f4cb10b41271fa46fb3631c7f7
SHA512: 3d3c14ad42313ca625a3c04ad3fa554e2e38395f8e9e335ae2cd62c60f70400bb87f7039edfc45a2c89f989d68b373998f1c74d6441056538c57cd07ed97e48d
SSDEEP: 12288:dJrDd1RJhYZxebiWhHyGuKgNJZmvbk/DQ:jrp1zMxCi+x3gjZmKQ

Static task: static1

Behavioral task: behavioral1
Sample: SolaraB V3.131/BootstrapperV1.23.exe
Resource: win10v2004-20241007-es

Behavioral task: behavioral2
Sample: SolaraB V3.131/workspace/VASL.js
Resource: win10v2004-20241007-es

Malware Config

Targets

Target: SolaraB V3.131/BootstrapperV1.23.exe
Size: 800KB
MD5: 02c70d9d6696950c198db93b7f6a835e
SHA1: 30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256: 8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512: 431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP: 12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz
Score: 7/10

Signatures:
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination: Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Blocklisted process makes network request
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2

Target: SolaraB V3.131/workspace/VASL.lua
Size: 406KB
MD5: e968ea0877cb597fe5bac88a880dc0c1
SHA1: ae26bac0cd13d694d34e170beb17a7a6b7c0e7db
SHA256: 0001b9a7af128c7a7cad0ec933a838efcde8dafa02120ea208d1dac03571f736
SHA512: 772803219f21aeb4937460feb6b212cf930c27b9130d0c19a387550799d8c7132d14656b2ba12e5046e341407ace2d179f82932d6d65a27299ed633b2e65d12c
SSDEEP: 6144:0NJhMAdnIAuu++JYoU2XH7rtWY7/CFtoxvCNi1QIC5Hbh6K0JyaBhVNPYNxMG/A3:0NJGMr5rrtN7QtoxCh0JybAQi
Score: 3/10