Overview

overview

9

Static

static

3

SolaraB.zip

windows7-x64

3

SolaraB.zip

windows10-2004-x64

1

SolaraB/So...er.exe

windows7-x64

6

SolaraB/So...er.exe

windows10-2004-x64

9

SolaraB/So..._FE.iy

windows7-x64

3

SolaraB/So..._FE.iy

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SolaraB.zip

  • Size

    6KB

  • Sample

    240630-e5c2waxdkl

  • MD5

    b15b5c14f0f55758c10373a4f6901e95

  • SHA1

    7a0f29c66b2b5b387f9dd5ad71c8cc1827da6b2d

  • SHA256

    18ddcf2eba0cfd5f1f79b36250afe9a8a03986c6b73cd55ae1aa412046d33756

  • SHA512

    9b8c58543a5260d45c3d335d6531ba7ace1539f1e1a7e8733fe445846b80e9b8707d64156f701ed420e3217350ee1cacf24b4deafe784554bf88e33cdd31de81

  • SSDEEP

    192:/RJ89IahZ1Ka3u4VyPbKY7OrqbcjJuFl5ctFQnfKM:/RJ89IahX/eo0KYKrUcoMt+nfl

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      SolaraB.zip

    • Size

      6KB

    • MD5

      b15b5c14f0f55758c10373a4f6901e95

    • SHA1

      7a0f29c66b2b5b387f9dd5ad71c8cc1827da6b2d

    • SHA256

      18ddcf2eba0cfd5f1f79b36250afe9a8a03986c6b73cd55ae1aa412046d33756

    • SHA512

      9b8c58543a5260d45c3d335d6531ba7ace1539f1e1a7e8733fe445846b80e9b8707d64156f701ed420e3217350ee1cacf24b4deafe784554bf88e33cdd31de81

    • SSDEEP

      192:/RJ89IahZ1Ka3u4VyPbKY7OrqbcjJuFl5ctFQnfKM:/RJ89IahX/eo0KYKrUcoMt+nfl

    Score
    3/10
    behavioral1behavioral2

    • Target

      SolaraB/Solara/SolaraBootstrapper.exe

    • Size

      13KB

    • MD5

      6557bd5240397f026e675afb78544a26

    • SHA1

      839e683bf68703d373b6eac246f19386bb181713

    • SHA256

      a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239

    • SHA512

      f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97

    • SSDEEP

      192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      SolaraB/Solara/workspace/IY_FE.iy

    • Size

      539B

    • MD5

      254236b95c2d6ae908e93a360fb749b8

    • SHA1

      57ed578dbd1230cce16d31ae380394f2a649325c

    • SHA256

      6f6330ec143d653fbbfd14672a534def12ff9325e7aec90b41f65f059ad2ae26

    • SHA512

      812b01941160c6fe41b77ad0f1ce905fb84a552ee6d0d42a4c0b0fbca018718c94ede6c081ea220a2e6e401b4ed2b23d088ce6c70417c860e3d259babc1223c3

    Score
    3/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

System Information Discovery

7
T1082

Query Registry

4
T1012

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks