General

  • Target

    SolaraBootstrapper.exe

  • Size

    7.4MB

  • Sample

    240628-xfkdrsyfkh

  • MD5

    397378b38483b904a99c1c8d69eba0a1

  • SHA1

    3f1c0bb763cf29ac09a99ffe6115d946d3c02aaf

  • SHA256

    614e3f63c889d7726659b939d24259f094e1cc9d5e9e83517b81b4aacd9ff48f

  • SHA512

    318a511606ec2806f7decac384a25cb1091c1c32d3b9782e43f5d36eb67b5723a52d56e82a83847369d89535146a3c97e493b1aa98d3c6cdb304f1bb2c4398fc

  • SSDEEP

    98304:uveYgZhUmNz6OshoKyDvuIYc5AhV+gEc4kZvRLoI0EJfNA3zCUTVv9JT1sOBN3oQ:uWYS6HOshoKMuIkhVastRL5Di3u01D7t

Malware Config

Targets

    • Target

      SolaraBootstrapper.exe

    • Size

      7.4MB

    • MD5

      397378b38483b904a99c1c8d69eba0a1

    • SHA1

      3f1c0bb763cf29ac09a99ffe6115d946d3c02aaf

    • SHA256

      614e3f63c889d7726659b939d24259f094e1cc9d5e9e83517b81b4aacd9ff48f

    • SHA512

      318a511606ec2806f7decac384a25cb1091c1c32d3b9782e43f5d36eb67b5723a52d56e82a83847369d89535146a3c97e493b1aa98d3c6cdb304f1bb2c4398fc

    • SSDEEP

      98304:uveYgZhUmNz6OshoKyDvuIYc5AhV+gEc4kZvRLoI0EJfNA3zCUTVv9JT1sOBN3oQ:uWYS6HOshoKMuIkhVastRL5Di3u01D7t

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks