SolarMarker
SolarMarker/Jupyter infostealer. PowerShell embedded host. Fake MSVCR120.dll error. Base64 payload. PSHost automation.
Threat Profile
Type: Backdoor
Programming Language: PowerShell/.NET
C2 Protocol: HTTPS
First Seen: 2020
Targets: Enterprise
Purpose / Capabilities
- Backdoor+Credential Stealer
No C2 servers have been identified for this family yet.
Research Reports (3)
SolarMarker -- install-x86 PowerShell Add-Type PresentationCore WPF, Fake MSVCR120.dll VC++ Runtime Error Message, Convert FromBase64String Embedded Payload | High
SolarMarker 1.59MB install-x86 exe. Add-Type -AssemblyName PresentationCore PresentationFramework PowerShell WPF. Fake "MSVCR120.dll was not found" VC++ Runtime error message. Convert FromBase64String hidden payload.
SolarMarker/YellowCockatoo -- install-x86 (2).exe, PowerShell PresentationFramework, 2 BTC | Medium
SolarMarker YellowCockatoo 1.6MB install-x86 (2).exe. Add-Type PresentationCore PresentationFramework PS. 116jt1i BTC.
SolarMarker -- xABC 409KB DLL, LC9pAc20x5Y8 Long C2 Config, SEO Poisoning | High
SolarMarker xABCDEFGHIJKLMNOPQRSTUVWXYZ 409KB DLL. LC9pAc20x5Y8 base64 C2. SEO poisoning delivery.