Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SolaraB.zip
-
Size
6KB
-
Sample
240630-e5c2waxdkl
-
MD5
b15b5c14f0f55758c10373a4f6901e95
-
SHA1
7a0f29c66b2b5b387f9dd5ad71c8cc1827da6b2d
-
SHA256
18ddcf2eba0cfd5f1f79b36250afe9a8a03986c6b73cd55ae1aa412046d33756
-
SHA512
9b8c58543a5260d45c3d335d6531ba7ace1539f1e1a7e8733fe445846b80e9b8707d64156f701ed420e3217350ee1cacf24b4deafe784554bf88e33cdd31de81
-
SSDEEP
192:/RJ89IahZ1Ka3u4VyPbKY7OrqbcjJuFl5ctFQnfKM:/RJ89IahX/eo0KYKrUcoMt+nfl
Static task
static1
Behavioral task
behavioral1
Sample
SolaraB.zip
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
SolaraB.zip
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
SolaraB/Solara/SolaraBootstrapper.exe
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
SolaraB/Solara/SolaraBootstrapper.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
SolaraB/Solara/workspace/IY_FE.iy
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
SolaraB/Solara/workspace/IY_FE.iy
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
SolaraB.zip
-
Size
6KB
-
MD5
b15b5c14f0f55758c10373a4f6901e95
-
SHA1
7a0f29c66b2b5b387f9dd5ad71c8cc1827da6b2d
-
SHA256
18ddcf2eba0cfd5f1f79b36250afe9a8a03986c6b73cd55ae1aa412046d33756
-
SHA512
9b8c58543a5260d45c3d335d6531ba7ace1539f1e1a7e8733fe445846b80e9b8707d64156f701ed420e3217350ee1cacf24b4deafe784554bf88e33cdd31de81
-
SSDEEP
192:/RJ89IahZ1Ka3u4VyPbKY7OrqbcjJuFl5ctFQnfKM:/RJ89IahX/eo0KYKrUcoMt+nfl
Score3/10 -
-
-
Target
SolaraB/Solara/SolaraBootstrapper.exe
-
Size
13KB
-
MD5
6557bd5240397f026e675afb78544a26
-
SHA1
839e683bf68703d373b6eac246f19386bb181713
-
SHA256
a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239
-
SHA512
f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97
-
SSDEEP
192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
SolaraB/Solara/workspace/IY_FE.iy
-
Size
539B
-
MD5
254236b95c2d6ae908e93a360fb749b8
-
SHA1
57ed578dbd1230cce16d31ae380394f2a649325c
-
SHA256
6f6330ec143d653fbbfd14672a534def12ff9325e7aec90b41f65f059ad2ae26
-
SHA512
812b01941160c6fe41b77ad0f1ce905fb84a552ee6d0d42a4c0b0fbca018718c94ede6c081ea220a2e6e401b4ed2b23d088ce6c70417c860e3d259babc1223c3
Score3/10 -