General
Target: Solara_Protect.bat
Size: 475B
Sample: 240701-gg9r2sxflh
MD5: a723d61769537cf4fec2324ee820a862
SHA1: 88c59fcc94048be74999b550d53432a79f9ad538
SHA256: 08eff7248a828c8be4cec506f4a6636998200632d53a9d3d71f1d1d881d597fd
SHA512: 0a06b2ed3e47f83ac6bc9133d96916251f6dfe57301a9cfd0b2c6830cba3280287147fee0bd6ed2f424107c90f2596f0083ab7320994450661c4b1fda64d0162
Static task: static1
Behavioral task: behavioral1
Sample: Solara_Protect.bat
Resource: win7-20240419-en
Malware Config
Extracted: asyncrat
| CRACKED BY https://t.me/xworm_v2
SolaraFake
anyone-blogging.gl.at.ply.gg:22284
AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: Windows.exe
install_folder: %Temp%
Targets
Target: Solara_Protect.bat
Size: 475B
MD5: a723d61769537cf4fec2324ee820a862
SHA1: 88c59fcc94048be74999b550d53432a79f9ad538
SHA256: 08eff7248a828c8be4cec506f4a6636998200632d53a9d3d71f1d1d881d597fd
SHA512: 0a06b2ed3e47f83ac6bc9133d96916251f6dfe57301a9cfd0b2c6830cba3280287147fee0bd6ed2f424107c90f2596f0083ab7320994450661c4b1fda64d0162
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2