SolarMarker

SolarMarker/Jupyter infostealer. PowerShell embedded host. Fake MSVCR120.dll error. Base64 payload. PSHost automation.

Threat Profile
Type: Backdoor
Programming Language: PowerShell/.NET
C2 Protocol: HTTPS
First Seen: 2020
Targets: Enterprise
Purpose / Capabilities
  • Backdoor+Credential Stealer
No C2 servers have been identified for this family yet.

Research Reports (3)

High

SolarMarker -- install-x86 PowerShell Add-Type PresentationCore WPF, Fake MSVCR120.dll VC++ Runtime Error Message, Convert FromBase64String Embedded Payload | High

SolarMarker 1.59MB install-x86 exe. Add-Type -AssemblyName PresentationCore PresentationFramework (PowerShell WPF). Fake "MSVCR120.dll was not found" VC++ Runtime error message. Convert FromBase64String hidden payload.

Medium

SolarMarker/YellowCockatoo -- install-x86 (2).exe, PowerShell PresentationFramework, 2 BTC | Medium

SolarMarker YellowCockatoo 1.6MB install-x86 (2).exe. Add-Type PresentationCore PresentationFramework PS. 116jt1i BTC.

High

SolarMarker -- xABC 409KB DLL, LC9pAc20x5Y8 Long C2 Config, SEO Poisoning | High

SolarMarker xABCDEFGHIJKLMNOPQRSTUVWXYZ 409KB DLL. LC9pAc20x5Y8 base64 C2. SEO poisoning delivery.
