quivings / Solara


Executable loaded by SolaraBootstrapper reads files like a stealer.. #12

Closed 6ce closed 1 month ago

6ce commented 1 month ago

I must say, since Hyperion stops users from using a VM to exploit, making a stealer that is only run on host machines through a Roblox executor is smart.

https://www.virustotal.com/gui/file/4e4a21108e47992f76de64fac82bbadf879c9801c236cc127fb8fb4ad3388d43/behavior

asdgasgfdasd commented 1 month ago

what about this?

https://www.virustotal.com/gui/file/a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239

quivings commented 1 month ago

The bootstrapper is not obfuscated by the way, so the VirusTotal is useless. You can reverse it and see it literally does not steal files. You lack knowledge.

reggietorres commented 1 month ago

> The bootstrapper is not obfuscated by the way, so the VirusTotal is useless. You can reverse it and see it literally does not steal files. You lack knowledge.

If you can easily reverse it, why don't you post the source here? Update the code here, actually use GitHub the way it was intended?

6ce commented 4 weeks ago

> The bootstrapper is not obfuscated by the way, so the VirusTotal is useless. You can reverse it and see it literally does not steal files. You lack knowledge.

Please read the title: Executable loaded by SolaraBootstrapper.

Obviously the SolaraBootstrapper can be easily read with dnSpy. My issue stands with an executable loaded by the bootstrapper, which cannot be easily decompiled (at least by me).

quivings commented 4 weeks ago

Your write-up is misinformation. There is no “Main.exe” nor is there a “SolaraBootstrapper2.exe”. Either you have downloaded it from an unofficial source or this is rage bait.

6ce commented 4 weeks ago

Funny.

https://files.catbox.moe/4u8k2w.mp4

quivings commented 4 weeks ago

I'm finding nothing funny about that, but what's funny is you pulling up a VirusTotal scan acting like it's the end-all be-all. This is the last time I will say this - these files do not exist and whatever is being shown on the VirusTotal site has nothing to do with me. This is the last time I will be responding, as I am not obliged to prove myself to anyone. Your info is not being stolen, it will continue to not be stolen, and Solara will continue no matter if your repository exists or not. You lack knowledge and it shows when all you do is open an exe on VirusTotal or tria.ge.

If you're really looking to dig deeper, I suggest learning to reverse. From there, you can determine if it's a stealer. Thank you for your contribution! :)