General

  • Target

    Solara V3.rar

  • Size

    1.4MB

  • Sample

    250104-dlq9qazqen

  • MD5

    7b4c7a41b1c7ee828b2f7f111cd067ed

  • SHA1

    b1062487e3f233cf1ba5d1d1878085b7f6fa96a7

  • SHA256

    38be048dda9dfebcea59c2cbf3cf2abb971b96636aefabc8cafa5359efb63bc2

  • SHA512

    03da8476dd97bc834873fda0a0544e8f543e1ec27d03790aaa2ec2d4c525777afa3fbc65ed784706d6c0978fc6a6bb6c9841c02ccd8142d547e50c5370396bb4

  • SSDEEP

    24576:NN/q6d/E3Ce+49qdLldADEV7utO65C3bL/w5EAGFJH4IiXCLCu7:TCgdLldAq2gL/IEAGFJYQ9

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    robot

  • C2

    tcp://quasarrat12345-50279.portmap.host:50279

  • Mutex

    5b3b6ef6-1f5c-4cf2-a902-f38fc18c6f74

Attributes

  • encryption_key

    044C06AD5B6394C7D3CCD0919FA2C67D30EA87D4

  • install_name

    SolaraV3.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Update

  • subdirectory

    SubDir

Targets

    • Target

      Solara V3/SolaraV3.exe

    • Size

      3.1MB

    • MD5

      3db0c6fb25d98ede3749c5c296227708

    • SHA1

      5d7843d185e9d7f56490bd03094f49c1444fa92a

    • SHA256

      604e26e36c395712913a141ef96bc461385eea54d2182d170196dfee458ea82f

    • SHA512

      461df5b25d7d14d340729177a987f254425d0bf57ca6f00853278d7640c40b6e52966a6465c0add70193fce2fc7a66555f1338e6a3f9eb28e85f3f5bab64b452

    • SSDEEP

      49152:xvrI22SsaNYfdPBldt698dBcjHE82wvBx5ZoGdD3THHB72eh2NT:xvU22SsaNYfdPBldt6+dBcjHiwr

    • Quasar RAT

      Quasar is an open-source Remote Access Tool (RAT).

    • Quasar family

    • Quasar payload

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofencing check.

    • Executes dropped EXE

    • Target

      Solara V3/wiarpc.dll

    • Size

      116KB

    • MD5

      0f96511d533c366fbb66977e6dd3f818

    • SHA1

      9194c66396b53d17216e3e6335454676406e3926

    • SHA256

      289d0f6ec8ee54698ec35b6114be4c3c76f4dcacbdc12075bd05d78f1af5dad6

    • SHA512

      70eb882be00e5c52e470c7c0d6b90c45944d552fb4a9adfa0082029f627087ad45b1fb843623d5d89c3ce48d673f8957d552902e2eeb06ec4063ff3ae4b67590

    • SSDEEP

      1536:x+gK92/dub/hq/EOQlSv/GVQEQeEIj+yJfNb6rScOdkX10Iz1:iRmG6Efj+MfyROdy1v

    • Score

      1/10

    • Target

      Solara V3/wiaservc.dll

    • Size

      784KB

    • MD5

      7cd468fe88d89c4bfddc814d78935b86

    • SHA1

      a9b73f3c1d175be3d73ac090269bae24c830f38a

    • SHA256

      26d23099e288b49479991c3f93471994439fa0e3a954f17ebde50cb03696ab9e

    • SHA512

      90c33a9a3cccd96126cb76eeca1abfa446bf4e57535d62e6351025fa9389ad56d4891e206b3b3410c1c8acf9a5a6cf4aef5e227a51873e86b2337ee5ef354992

    • SSDEEP

      24576:v3PhNxUpouhoZp7OYYH69/Tp3p0vB6RLTTOVBkQEe2wBXoXJPyFfFx1ArYMR:vfhNxUpouhoZp7Ova9/Tp3p0vB6RLTTl

    • Score

      1/10

    • Target

      Solara V3/wiashext.dll

    • Size

      112KB

    • MD5

      8b14471e35fbbe81873980ed293ecaaa

    • SHA1

      c8606f250343b8d2befa4f55de642043133e3ede

    • SHA256

      34407c090180b59ebf1da9486d587df0e091505cf11294df0c636b01064e31a0

    • SHA512

      b1b99c24e365f0e30a5c93527c2df5c23bd4cb2f211385624248b02fe153cfaaa9b3fd968628cb3e6e886270d07eaeb0c1bf950d20b122990ebfac3cc759d163

    • SSDEEP

      3072:mXDXtZHkciF0apqAY/rL22hbvbUHKiVIfTnrVIAzeKI/4lRu7JcalgB1oi0KPpv2:mXDXtZHkJF0apqAY/rL22hbvbUHKiVI/

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks