General
Target: Solaris Executor.zip
Size: 75.0MB
Sample: 240702-t4yphswanq
MD5: 2582b95acdd29d87d13e5bbb177ce7b0
SHA1: bee4878687d1167b4c47f97bc81a5672b6d7cd67
SHA256: 62fd7c23d64d6897325cd9084b9821ad7f812bc6ddb9d56d116121efbe1177c1
SHA512: cd4681449f173edf69b42777afa8647456440496c608f35955a12175b4664c462a34dba315fcb67d03f67ec8b446bf5542088e685741e071a5377a06d85ada2c
SSDEEP: 1572864:hHBIuyN38S2AxUrjMFZNyq72xXG3G7RYEefcvV3WSJVvnDoERfguH67d:hHBIjV8SbWH8wqV3Gt4cvxvnMExH67d
Behavioral task: behavioral1
Sample: Solaris.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: Solaris.exe
Resource: win10v2004-20240508-en
Malware Config

Targets
Target: Solaris.exe
Size: 75.4MB
MD5: 4b04a252512daad6d11c51446573e04d
SHA1: 540eb73a64c396d5da19c9267a4f60152817db8e
SHA256: dc21544389191db1ecad74434878d61245f63335550a20af86d799043bfbbbec
SHA512: e6a98e0d404d2e065f5eceef36d9b8d8b560967251fb4564deb4929824c5d603bab8bb0472a2f957e30623f2c4d3e7a38f269b4aaf3aeb39f1a68fa66f2ce1ad
SSDEEP: 1572864:0gvFUQ6l8GSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWQZn6Oflz:0gvFU1iGSkB05awIxTy5nMHVLteS3bf9
Score: 9/10
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Virtualization/Sandbox Evasion (1)
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Modify Registry (1)