General
Target
Solaris.exe
Size
75.4MB
Sample
240630-z7rchawbpf
MD5
4b04a252512daad6d11c51446573e04d
SHA1
540eb73a64c396d5da19c9267a4f60152817db8e
SHA256
dc21544389191db1ecad74434878d61245f63335550a20af86d799043bfbbbec
SHA512
e6a98e0d404d2e065f5eceef36d9b8d8b560967251fb4564deb4929824c5d603bab8bb0472a2f957e30623f2c4d3e7a38f269b4aaf3aeb39f1a68fa66f2ce1ad
SSDEEP
1572864:0gvFUQ6l8GSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWQZn6Oflz:0gvFU1iGSkB05awIxTy5nMHVLteS3bf9
Behavioral task
behavioral1
Sample
Solaris.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Solaris.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
Target
Solaris.exe
Score
9/10

Enumerates VirtualBox DLL files

Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Loads dropped DLL

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2