Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Solar Client.zip

  • Size

    59.0MB

  • Sample

    240630-r83sxsshln

  • MD5

    98f417f4765adcd6c24a390276e26b00

  • SHA1

    353c97867db774bb0b90c537d6bc348923c71575

  • SHA256

    53154c1318430656cd3cea95e48ef7bf62f196a871ab6e137f5893bafbcf018d

  • SHA512

    c737fd0c43aba1abc50ee7c78fd931baeb5eb4ef10778322bab06046e2155e201955a9b35dc9af234862c3e1d7014e066fa4cc3a86848f17c7c28e03ef218a6e

  • SSDEEP

    1572864:mB1724cLi/Fts1XSFBfhty/oStlfEV8mh6qca:mbQLI2dSF1ryDrfMLca

Score
7/10

Malware Config

Targets

    • Target

      Solar Client/Solar-Tweaks-Setup-4.2.0.exe

    • Size

      59.3MB

    • MD5

      dfdea5f4a771556305d2faef94c8cf18

    • SHA1

      f0cbbd1a88c7ebbc84a8b68cbf695eead7273328

    • SHA256

      16a152d46f5bccb505d769cc3863277c7ef2e15f7f9d3fee570f98377d69c91b

    • SHA512

      08ac72e28a3e621c05929bd8e0421975ca65749f0321d2eee163a16be7072ea0e81ad3d65bba7e455cedca33289f2aa6f6c5dfb42b45a627b95b3960db3b8642

    • SSDEEP

      1572864:qy1s9ggeDH7QDv2zFZJTCT6MR9L0T+wKseEc:qy1sHYcL2zfNwbnLbdEc

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      $PLUGINSDIR/SpiderBanner.dll

    • Size

      9KB

    • MD5

      17309e33b596ba3a5693b4d3e85cf8d7

    • SHA1

      7d361836cf53df42021c7f2b148aec9458818c01

    • SHA256

      996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

    • SHA512

      1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

    • SSDEEP

      192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY

    Score
    1/10
    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    • Target

      LICENSES.chromium.html

    • Size

      5.1MB

    • MD5

      6b84319ee8a0a0af690273d3d2dcbaf4

    • SHA1

      857ca353e0582d100dcbc6cb6761bb4430d0cb90

    • SHA256

      fc2a256467fb4d4ff72be6c423e5961e98b418554deeec296aded0e757b9a585

    • SHA512

      26f9842bfdb429ef132cc1a930da9187071a339927eda402e8d54b5eb9e03067612cdadc3a2dad3d0977f8e6af18c05eab6ac91720221c6a0104f96638f85a8a

    • SSDEEP

      24576:yd97B+mnLiLsrDy2VrErjKCqzkU98wwg3QeXuh:0P+mLAqHBCuRoeS

    Score
    1/10
    • Target

      Solar Tweaks.exe

    • Size

      130.1MB

    • MD5

      b7cd0e6338eea04671d96dc170749be3

    • SHA1

      99ccfefb5d283e37f488c78112fcb9e9418d6798

    • SHA256

      b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad

    • SHA512

      1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943

    • SSDEEP

      1572864:2mYWQRWtJ65M7a2iu4Rywh9hJyO9N+oJOTU8f/kmgZ2sI:B4M7a2H4Ryu+dNgI

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      d3dcompiler_47.dll

    • Size

      4.3MB

    • MD5

      7641e39b7da4077084d2afe7c31032e0

    • SHA1

      2256644f69435ff2fee76deb04d918083960d1eb

    • SHA256

      44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

    • SHA512

      8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

    • SSDEEP

      49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt

    Score
    1/10
    • Target

      ffmpeg.dll

    • Size

      2.6MB

    • MD5

      7c3c780de9ae5cc4abeccbd7cb6b367b

    • SHA1

      bda27b3c0b1ec023e2a0a97099a84b10e04cb135

    • SHA256

      39293258d5a2418841edb5ccf9ab3ad23064fb95e1ddfa7a3c6295a24c272a08

    • SHA512

      80a79f827c3154461158ec6f466db0c2ecd9ce9ffd7728001644d4cf382721d09c0758f98f73d7fa548e4e220ffd2b8842303d67a43e79b9146e8b882853658c

    • SSDEEP

      49152:8MnbcrH9v7eCZPxX+qzohT99hDoapghnshy43yBcxnyKbZtjB0HVEMGJSj/8NOv:dCZpX+q27saesDSjbv

    Score
    1/10
    • Target

      libEGL.dll

    • Size

      429KB

    • MD5

      b3017453d487a7d33445c1d2d9b9bc13

    • SHA1

      7e643ccb8984a4a92dd439eeb4bdaaeb62bd8862

    • SHA256

      23046e7fe2bbf76ee2c5596b6beac723ad465fdbaa44266486102cdb292148a1

    • SHA512

      fd583f4b95aa974d72628bcc548feb22bc86c5ab0fd1536995bd796e28422f56e6799d60e2c3bef9aed9a1080eaf12338a3b29b8c3d40ba5166030a219572baf

    • SSDEEP

      6144:67Udu1o3YnElXvzYhRk9o+3Re3wpcOQy5n+t7dPs:wUdu1NElX7QR2osJ5+XP

    Score
    1/10
    • Target

      libGLESv2.dll

    • Size

      7.6MB

    • MD5

      dd8d815769cbf46af41a41931e9b4572

    • SHA1

      f242fcc4cfd5030f3f543c22f141185cd86e7142

    • SHA256

      dd74029716da56a0e4b64bc5cea0c169e1c4b31143ff39213d3c544792e8f2b9

    • SHA512

      69a12f862157746ffc27b637941261a0c5c494175c3e674c7de4d0c4452a5b9358735944e8e0568b7279a7791cf178c9b1afd5ea4a781e93f28cd775a0a6096f

    • SSDEEP

      98304:p5a6GJCIf2Knqdu5iIBIcbWwYSqARSHoDNSv:pKIwBqARSH

    Score
    1/10
    • Target

      resources/app.asar

    • Size

      6.0MB

    • MD5

      9c12e7fb205f75b66a6ee62e4ca92a9b

    • SHA1

      8e9976b84c9bf1827bb96fc61c0b7dc96e2f596e

    • SHA256

      a8018e6d6af92f4e0a19b35fafc1d47a3362045335f4bf50da1af3adf34e5f50

    • SHA512

      2e49f8568506ae002dba30badd7a137f07d3e90949d93c2d741e166e53c752ada9bccd970c5a9f55cde54f8c4f53cc2d6dd6b908c6300e2c172d911c10dda029

    • SSDEEP

      49152:l7UsvLGH/gjRxJIZBbpBKv8A5v4hjfE/z1bzXALnb/CYWTyD5GGBEMlk/QSI7+nY:wAF9TJB3LN5yoL4vBN16crFcbmvZ

    Score
    3/10
    • Target

      resources/elevate.exe

    • Size

      105KB

    • MD5

      792b92c8ad13c46f27c7ced0810694df

    • SHA1

      d8d449b92de20a57df722df46435ba4553ecc802

    • SHA256

      9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

    • SHA512

      6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

    • SSDEEP

      3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    Score
    1/10
    • Target

      swiftshader/libEGL.dll

    • Size

      448KB

    • MD5

      038a73114d439bfc94be4732b2794998

    • SHA1

      4b7a9d52da1bd808af979cf5cfb146404494317a

    • SHA256

      b1054e0dc2ab31a7cf3cd7f3dae07b1ec31acd42c157be13ce47ea870840f0cc

    • SHA512

      8788e43de424e1d7a163d0b7f4d719c36bf8fdee9808d405aeb05993c446d4f2a595741cb4d98f5e9611cd16d09de9445bf72176a799f4189168bb8509b115ff

    • SSDEEP

      6144:/H0B/LCOJ7lTp0k7zKd0POc37Tta9pdEp2si0xnLB4Vz:/MCOJ7lFx7zxt6dEY0VLSV

    Score
    1/10
    • Target

      swiftshader/libGLESv2.dll

    • Size

      3.1MB

    • MD5

      38ec86347b3e467c5868e35ab48f89f2

    • SHA1

      4db17d065cc330b277a70f9fb8dff0c4b426f314

    • SHA256

      2e10d308d0207835b07df3bb38bee88300aa57fcb214051e8654d29587257744

    • SHA512

      2b2405ed51ea1d232f2d60072e4f57e70f36f1a8f9d0a935772bfb9a3be50c1d6136cee496fde9fb3dda1f0d2f1c643cb9f162e0b68828ff854645eb1e8216f4

    • SSDEEP

      49152:EAtfKpPXV/5DdijA29+0QdjwSx+qovRYFDguXfol+4iduejy3bEW2ehvxLTL10dO:nwNynDyguydMVW5v1

    Score
    1/10
    • Target

      vk_swiftshader.dll

    • Size

      4.5MB

    • MD5

      0d3deb7dc62ea45c6624aab2b1ed8071

    • SHA1

      0e4a7276784e3d8e6d6440669a65bd88f840b078

    • SHA256

      cc947f08b87f4636213211b22328c32d1986d49abc96a619799091fa6a15c851

    • SHA512

      38b674e0a0fefe1fa61ae144e6707b0eb7cfb73a8d01315f2b984cd1ebeb017cddeb89e39daa0f5806cc295a540e826a97422a677c361ebab3f8e4767228e5e6

    • SSDEEP

      49152:53YxjaP0AETYj7g/yaI75j/7wiSmQEZLT/lbMnP3cuJUiId+R9iETUjdCB2KmGsl:UAbIASP1aRldQ

    Score
    1/10
    • Target

      vulkan-1.dll

    • Size

      707KB

    • MD5

      3cffcffbf394159458566fb79b9abd3f

    • SHA1

      7e0f09e9ea67e9e587305e2f740c8620dad12595

    • SHA256

      26460b9250e904a9db6e5e0893e746a84ffae21c02e083e3f33a913d7cc79111

    • SHA512

      93a73aef9237d52119f9886ca6eff7975cdd6931d12087ea4c0397807b19c6195e24045d80b606bfc45f754c58ab5b1f789d95e91250828629724b9446501c55

    • SSDEEP

      12288:Dwc+2rLfirhAu07HvM5BSNraGMiuvo52Ap:D82r79KBSwBiuv

    Score
    1/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      ec0504e6b8a11d5aad43b296beeb84b2

    • SHA1

      91b5ce085130c8c7194d66b2439ec9e1c206497c

    • SHA256

      5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

    • SHA512

      3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

    • SSDEEP

      96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr

    Score
    3/10
    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10
    • Target

      $PLUGINSDIR/nsis7z.dll

    • Size

      424KB

    • MD5

      80e44ce4895304c6a3a831310fbf8cd0

    • SHA1

      36bd49ae21c460be5753a904b4501f1abca53508

    • SHA256

      b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

    • SHA512

      c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

    • SSDEEP

      6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck

    Score
    3/10
    • Target

      Uninstall Solar Tweaks.exe

    • Size

      394KB

    • MD5

      68feea1405b258523b999de8b1f597d6

    • SHA1

      1064551fce23365588d14b875eb93af09583f7f0

    • SHA256

      e25747059c7581a9541b83913a066e8551d2f8b601cd1dfb9954a3c24b1b528f

    • SHA512

      0607ea6500d820b5585389b233ece7593f8e964622f4492e87c5ec7b5863f38804af6d96819df70715699ad8c6c50871b44008d5a198ddbab6b5ed8a7f290c7b

    • SSDEEP

      6144:8740IumguQuA12m8dKGO0nYS2dlR7+eZl26:+bt8dHYltn

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks