salatstealer | 19f8b2f1c0fffe8f37dee7acb107554034f73af09de178fcee107a04cb6ea98e

Analysis

max time kernel
420s
max time network
598s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SOLARA.exe
Size

3.1MB
MD5

1e4e8c6d1bf62ff6b365e0cba9c4a6d1
SHA1

2acf897c8414528b0620707c8661d268af0d1222
SHA256

19f8b2f1c0fffe8f37dee7acb107554034f73af09de178fcee107a04cb6ea98e
SHA512

4f537099eacd68f3c825cfb5501f2082c3b43b7e3cdff9755765d9a3b9285cbfadd8374df79c78963404c7c51866eb324482cd0b32e965c121c3beb2736c935c
SSDEEP

49152:AbESTJiIxUpG75B8+8eX2LDIuNWBqBhrh4YPaNvq7EBHgFD82/mc1tQhR5IsaS6m:Ab5TY1G75/IQBq146aRBHgsmsaxGV

Score

10^/10

salatstealer discovery stealer upx

Malware Config

Signatures

Detect SalatStealer payload 31 IoCs

resource	yara_rule
behavioral1/memory/3088-1-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-2-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-3-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-4-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-5-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-6-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-7-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-8-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-9-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-10-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-11-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-12-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-13-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-14-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-15-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-16-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-17-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-18-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-19-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-20-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-21-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-22-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-23-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-24-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-25-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-26-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-27-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-42-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/3088-57-0x00000000008E0000-0x000000000145C000-memory.dmp	family_salatstealer
behavioral1/memory/1132-59-0x0000000000240000-0x0000000000DBC000-memory.dmp	family_salatstealer
behavioral1/memory/1132-58-0x0000000000240000-0x0000000000DBC000-memory.dmp	family_salatstealer

Salatstealer family
salatstealer
salatstealer
SalatStealer is a stealer that takes sceenshot written in Golang.
stealer salatstealer

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3088-0-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-1-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-2-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-3-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-4-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-5-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-6-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-7-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-8-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-9-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-10-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-11-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-12-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-13-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-14-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-15-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-16-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-17-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-18-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-19-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-20-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-21-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-22-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-23-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-24-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-25-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-26-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-27-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-28-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-29-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-30-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-31-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-32-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-33-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-34-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-35-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-36-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-37-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-38-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-39-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-40-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-41-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/3088-42-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/files/0x000800000002424f-47.dat	upx
behavioral1/memory/3088-57-0x00000000008E0000-0x000000000145C000-memory.dmp	upx
behavioral1/memory/1132-56-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-59-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-58-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-60-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-61-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-63-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-64-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-65-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-66-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-67-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-68-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-69-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-70-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-71-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-72-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-73-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-74-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-75-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx
behavioral1/memory/1132-76-0x0000000000240000-0x0000000000DBC000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SOLARA.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3088	SOLARA.exe
3088	SOLARA.exe

C:\Users\Admin\AppData\Local\Temp\SOLARA.exe
"C:\Users\Admin\AppData\Local\Temp\SOLARA.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3088
- C:\Program Files (x86)\Windows Multimedia Platform\taskhostw.exe
  "C:\Program Files (x86)\Windows Multimedia Platform\taskhostw.exe"
  2⤵
  PID:1132

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\PeerDistRepub\smss.exe

Filesize
3.1MB

MD5
1e4e8c6d1bf62ff6b365e0cba9c4a6d1

SHA1
2acf897c8414528b0620707c8661d268af0d1222

SHA256
19f8b2f1c0fffe8f37dee7acb107554034f73af09de178fcee107a04cb6ea98e

SHA512
4f537099eacd68f3c825cfb5501f2082c3b43b7e3cdff9755765d9a3b9285cbfadd8374df79c78963404c7c51866eb324482cd0b32e965c121c3beb2736c935c

Download Submit
memory/1132-76-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-75-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-74-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-73-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-72-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-71-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-70-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-69-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-68-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-67-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-66-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-65-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-64-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-63-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-61-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-60-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-58-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-59-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/1132-56-0x0000000000240000-0x0000000000DBC000-memory.dmp

Filesize
11.5MB

Download
memory/3088-16-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-41-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-22-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-23-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-24-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-25-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-26-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-27-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-28-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-29-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-30-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-31-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-32-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-33-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-34-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-35-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-36-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-37-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-38-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-39-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-40-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-21-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-42-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-20-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-57-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-19-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-18-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-17-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-0-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-15-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-14-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-13-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-12-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-11-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-10-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-9-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-8-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-7-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-6-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-5-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-4-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-3-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-2-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download
memory/3088-1-0x00000000008E0000-0x000000000145C000-memory.dmp

Filesize
11.5MB

Download