General
-
Target
SolaraBootstrapper.exe
-
Size
12KB
-
Sample
240522-hb7wyafc3w
-
MD5
06f13f50c4580846567a644eb03a11f2
-
SHA1
39ee712b6dfc5a29a9c641d92c7467a2c4445984
-
SHA256
0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9
-
SHA512
f5166a295bb0960e59c176eefa89c341563fdf0eec23a45576e0ee5bf7e8271cc35eb9dd56b11d9c0bbe789f2eac112643108c46be3341fa332cfcf39b4a90b9
-
SSDEEP
192:cDnQvi7auc35nuKdhAWVIanaLvmr/XKTxnTc1BREVXLGDlNjA:cDn97auc35tAKIanayzKto1jEVQzj
Static task
static1
Malware Config
Targets
-
-
Target
SolaraBootstrapper.exe
-
Size
12KB
-
MD5
06f13f50c4580846567a644eb03a11f2
-
SHA1
39ee712b6dfc5a29a9c641d92c7467a2c4445984
-
SHA256
0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9
-
SHA512
f5166a295bb0960e59c176eefa89c341563fdf0eec23a45576e0ee5bf7e8271cc35eb9dd56b11d9c0bbe789f2eac112643108c46be3341fa332cfcf39b4a90b9
-
SSDEEP
192:cDnQvi7auc35nuKdhAWVIanaLvmr/XKTxnTc1BREVXLGDlNjA:cDn97auc35tAKIanayzKto1jEVQzj
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-