General
- Target: SolaraBootstrapper.exe
- Size: 13KB
- Sample: 240616-f1y9zsvfkj
- MD5: ddd1e59b3b4284ebea151af156288e07
- SHA1: 8b15bd035c050f3ff06e552814f317a215349a46
- SHA256: 4f781c8fa7e46fcdc6d43306d63b40829c694ec8e22e76b974541ad9fcca8e15
- SHA512: 3781aead73f0cd06203e8caf3000690bd8b3984e4484d4bc19fed8ce985f53284dc0e992c9f8ecd36cf11bbab01af158e0a461ae8666d66b0a0bcaf451daaf1f
- SSDEEP: 192:kNmF5mpRsEGBWkq3aFaLHPr/XKk0ifnTJ1S5HsRjd:kmxEGBWkq3aFaLzKVifd1S5Cj
Static task: static1
Malware Config
Targets
- Target: SolaraBootstrapper.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger