347743a762f65cb091a86db4f85a2701a4888393e460b9cade5d537d1db21be1 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

SolaraBoot...2).exe

windows7-x64

7

SolaraBoot...2).exe

windows10-2004-x64

8

Sharing

General

Target

SolaraBootstrapper (2).exe
Size

14.7MB
Sample

240705-c933ratamc
MD5

574d7b18b6ba272552b39ddfa54a60ca
SHA1

8458ff8150611486a89a990f39a788eb1de94d01
SHA256

347743a762f65cb091a86db4f85a2701a4888393e460b9cade5d537d1db21be1
SHA512

fc122163000f5bb027e34ba2c4020f622bb77c44b86d2abf7ad7ad4df84ab067c73dacb3319282fceff78b06ec0abff1b7b5fdfb1cbee9069e805911b9fced71
SSDEEP

393216:Ya92bgIF5L1V8diurEUWjuzKnpEfOKSUuK+xh:j947RFdbu2npqS7K+/

Score

8^/10

defense_evasion execution spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

SolaraBootstrapper (2).exe

Resource

win7-20240704-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

SolaraBootstrapper (2).exe

Resource

win10v2004-20240704-en

defense_evasion execution spyware stealer upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  SolaraBootstrapper (2).exe
- Size
  
  14.7MB
- MD5
  
  574d7b18b6ba272552b39ddfa54a60ca
- SHA1
  
  8458ff8150611486a89a990f39a788eb1de94d01
- SHA256
  
  347743a762f65cb091a86db4f85a2701a4888393e460b9cade5d537d1db21be1
- SHA512
  
  fc122163000f5bb027e34ba2c4020f622bb77c44b86d2abf7ad7ad4df84ab067c73dacb3319282fceff78b06ec0abff1b7b5fdfb1cbee9069e805911b9fced71
- SSDEEP
  
  393216:Ya92bgIF5L1V8diurEUWjuzKnpEfOKSUuK+xh:j947RFdbu2npqS7K+/
Score

8^/10

upx defense_evasion execution spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

defense_evasionexecutionspywarestealerupx

© 2018-2024

Terms | Privacy