fd2d329ffbd4a0b2806aabbd909fe70d899c4c4a43a3b87d64a23b23bb16ea38

General

Target

solara.zip
Size

2.7MB
Sample

241230-yawqaavpfm
MD5

55f56644a331f6f8786a6f7478bd892e
SHA1

0b17d6e3c7fdb692e0b7d34fe973f96e30c284a6
SHA256

fd2d329ffbd4a0b2806aabbd909fe70d899c4c4a43a3b87d64a23b23bb16ea38
SHA512

e08ad2d266c5c3f6b9059244969bf5a402b5b29ecdf42a51463074c4b13f68cd531816faaeae02a6b14bbd1940354f523ea370f807718a356d8f874eb28fb42c
SSDEEP

49152:9iBl5SfH3DseM0yjdyzTvLfvzPQR4ktRQvsxJQivrfIuIoQjxnN6dxGNuAW16:9if5ETpgM/zzQmkisnfIuIoQjWcNaA

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  solara.zip
- Size
  
  2.7MB
- MD5
  
  55f56644a331f6f8786a6f7478bd892e
- SHA1
  
  0b17d6e3c7fdb692e0b7d34fe973f96e30c284a6
- SHA256
  
  fd2d329ffbd4a0b2806aabbd909fe70d899c4c4a43a3b87d64a23b23bb16ea38
- SHA512
  
  e08ad2d266c5c3f6b9059244969bf5a402b5b29ecdf42a51463074c4b13f68cd531816faaeae02a6b14bbd1940354f523ea370f807718a356d8f874eb28fb42c
- SSDEEP
  
  49152:9iBl5SfH3DseM0yjdyzTvLfvzPQR4ktRQvsxJQivrfIuIoQjxnN6dxGNuAW16:9if5ETpgM/zzQmkisnfIuIoQjWcNaA
Score

7^/10

discovery
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  solara/solara/BootstrapperV1.23.exe
- Size
  
  800KB
- MD5
  
  02c70d9d6696950c198db93b7f6a835e
- SHA1
  
  30231a467a49cc37768eea0f55f4bea1cbfb48e2
- SHA256
  
  8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
- SHA512
  
  431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
- SSDEEP
  
  12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz
Score

8^/10

discovery
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  solara/solara/BootstrapperV2.08.exe
- Size
  
  2.9MB
- MD5
  
  3f960b403cd616c9f59b3c22fc69aeca
- SHA1
  
  c9878d8dd7cada17525d0fb41626ef10387cb624
- SHA256
  
  8d0e9176ab99c1c4442f8529a5e06a84cf4573b79d21c15022f825ad9c36c84a
- SHA512
  
  bd48219ce56276114a411d4a3b19ff723cf20fe75571faebd43c2567b2a6cc73b77ffe5858ac5f80cec32d79ae3df84ebfc42b80b38af14691727f2c08399761
- SSDEEP
  
  49152:+lcyXfHnaBTof9ePCdkIAm1/kqXfd+/9A90ClY1vz/a/ehH7pNLLn2:sZXfHaFoMIvtkqXf0FUlY17Oe97vLn
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral5 behavioral6