General

  • Target

    SolaraBootrapper.exe

  • Size

    456KB

  • Sample

    240610-m1qfeagc8t

  • MD5

    f69ce486fdd380c2555229632782cf33

  • SHA1

    2d0fcc652f0ed2ef98a6ca79267fe5ade3bfc2f3

  • SHA256

    fe278313e0c1881d20de92eb25d7d54c3889302ab41a6dfd4bce7ef09ba1634a

  • SHA512

    37282041ba015c96b1db8fb156e3f28504d0266154e255c041dfc26b83358ec005e34c2e25b34650b0eb7700746639c6a7bbc68da2655a5ab8aec4e3f6d29f66

  • SSDEEP

    6144:ravR0hfwk3QY6sk2exgDe6VlWT8b90K1rBofjXz/b34nuM+V:GvGBZ3HDtrDPVle8HBo/LGuM4

Score
7/10

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks