General
Target: SolaraFixerV2.exe
Size: 102.4MB
Sample: 240630-1cjjvazapm
MD5: 793e221923cece30f95f4e3515444124
SHA1: 3766bfc1fc52d4833c97835258fe31015c41756d
SHA256: a4265614e04677542885cffd035fef96599ca7656a6caf53287bd67f2db8d6f9
SHA512: 0d2e54e22c6036efc65c2da05646cb20ee9969279508bbd1f82a3eff8404297dc17c91d89202ef01cba3abfd391dabdb1f1c2e904562890b0e0d6e16f20d7f46
SSDEEP: 3145728:EUCn7pa8S6xjKcBa6c2qHO5iVY2nGQbRe0zJcBWnAX9U:xKVBSWNa6sHCiH1XcBWS
Behavioral task: behavioral1
Sample: SolaraFixerV2.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: SolaraFixerV2.exe
Score: 9/10
Enumerates VirtualBox DLL files
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2