General
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
Credentials
Protocol: ftp- Host:
94.156.8.173 - Port:
21 - Username:
anonymous - Password:
anonymous@
Extracted
Family
lumma
C2
https://contintnetksows.shop/api
https://potterryisiw.shop/api
https://foodypannyjsud.shop/api
https://reinforcedirectorywd.shop/api
Targets
-
-
Target
https://github.com/solaraofficial/Solara-Executor?tab=readme-ov-file
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-