fe278313e0c1881d20de92eb25d7d54c3889302ab41a6dfd4bce7ef09ba1634a | Triage

Sharing

General

Target

SolaraBootrapper.exe
Size

456KB
Sample

240610-m1qfeagc8t
MD5

f69ce486fdd380c2555229632782cf33
SHA1

2d0fcc652f0ed2ef98a6ca79267fe5ade3bfc2f3
SHA256

fe278313e0c1881d20de92eb25d7d54c3889302ab41a6dfd4bce7ef09ba1634a
SHA512

37282041ba015c96b1db8fb156e3f28504d0266154e255c041dfc26b83358ec005e34c2e25b34650b0eb7700746639c6a7bbc68da2655a5ab8aec4e3f6d29f66
SSDEEP

6144:ravR0hfwk3QY6sk2exgDe6VlWT8b90K1rBofjXz/b34nuM+V:GvGBZ3HDtrDPVle8HBo/LGuM4

Score

7^/10

Malware Config

Targets

- Target
  
  SolaraBootrapper.exe
- Size
  
  456KB
- MD5
  
  f69ce486fdd380c2555229632782cf33
- SHA1
  
  2d0fcc652f0ed2ef98a6ca79267fe5ade3bfc2f3
- SHA256
  
  fe278313e0c1881d20de92eb25d7d54c3889302ab41a6dfd4bce7ef09ba1634a
- SHA512
  
  37282041ba015c96b1db8fb156e3f28504d0266154e255c041dfc26b83358ec005e34c2e25b34650b0eb7700746639c6a7bbc68da2655a5ab8aec4e3f6d29f66
- SSDEEP
  
  6144:ravR0hfwk3QY6sk2exgDe6VlWT8b90K1rBofjXz/b34nuM+V:GvGBZ3HDtrDPVle8HBo/LGuM4
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2