General

  • Target

    Solara.exe

  • Size

    44KB

  • Sample

    250307-s1jkrasqx9

  • MD5

    18d44a2324794e8e1d46dab67f5c13eb

  • SHA1

    a11de6fd18588fa04c3276fbec2da69518c959ff

  • SHA256

    721c9850629a86aa66089272f00fcc5f34c74d24d908668862fd410ea7ffcf03

  • SHA512

    6fc90e70066e2d80e6fec44f1db8bff43415a7ec80f6f0fefedaa75f82de6f76850d844017d58c21509fa71005a78a446a9d4306682abeb22161818a6b7a5245

  • SSDEEP

    768:hhMJ+n2DNw1N1QbEblsUUdvFFRPG9+aL6OOCh+vmbWT:zMUn2uBEbvFw9+aL6OOCYuiT

Malware Config

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks