General

  • Target

    SolaraB2.zip

  • Size

    279KB

  • Sample

    240615-ajf47ascjc

  • MD5

    2766f1e9619a03a2839cc823521fc43a

  • SHA1

    949f5562e20712be54b707a9f06453cdb6705063

  • SHA256

    c28e6fd5a32ff323fc91a31910904826f000231f769138cb2347005bd6535e0c

  • SHA512

    c3a1d4d56a854d79784943cfe5febf08c5ada150a14c0f80c5aefc7361a826b1b45ca8f08026ec039b42e79809aac6fda4fdef7f4b30575c9e0bb98299bcc995

  • SSDEEP

    6144:dJfSqmQdPDOtTaKBAG6p2GcgsLpoHYgmUD2irF4N:TcQbITXBAX2DRLy1mKrF8

Malware Config

Targets

    • Target

      SolaraB2.zip

    • Size

      279KB

    • MD5

      2766f1e9619a03a2839cc823521fc43a

    • SHA1

      949f5562e20712be54b707a9f06453cdb6705063

    • SHA256

      c28e6fd5a32ff323fc91a31910904826f000231f769138cb2347005bd6535e0c

    • SHA512

      c3a1d4d56a854d79784943cfe5febf08c5ada150a14c0f80c5aefc7361a826b1b45ca8f08026ec039b42e79809aac6fda4fdef7f4b30575c9e0bb98299bcc995

    • SSDEEP

      6144:dJfSqmQdPDOtTaKBAG6p2GcgsLpoHYgmUD2irF4N:TcQbITXBAX2DRLy1mKrF8

    • Score

      1/10

    • Target

      SolaraB2/SolaraBootstrapper.exe

    • Size

      798KB

    • MD5

      7416a188b82e9dc4b020a59d3c9267d5

    • SHA1

      15b67c0e13667dd00f2f1d1d2d3132e629e746f3

    • SHA256

      6a6990c2da4da8f8870da3e33865a1dff8f16874793b232971194c074f3b7838

    • SHA512

      3f2616216e8dc70362cc6d3f8e76a009108fe04d98697a744c131b76f3c693364ef2a80716ccd9a8f9987d2ac10b0316b0328a0066260055fcbadcd449aaf704

    • SSDEEP

      12288:pfSmzhHoAX5TyQvgwRojAojGdJaTGLLvlguxD:smzhHWQDRojAojGddLL

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks