General
- Target: SolaraBootstrapper.exe
- Size: 2.6MB
- Sample: 240701-vsvzxstdrn
- MD5: 9e43cdfc9923cc453111634a65f04691
- SHA1: e3f73d7e5cd4e557ac755558ad539c6d2a5547b0
- SHA256: ac10a3ae90d450832300d24624ea8bd49c6ecff1de3539b793f6472f76d021fd
- SHA512: 068ec0a085c8229e4fba4d4b5437a20fe82704c93ad7511e8f0cc0f21190d8af938891fb253a23a59ef567288f30bc63f1526b08e92017ca97ebea3341a74eba
- SSDEEP: 49152:xLpTsEQQEQ5pc0BK/sXJS3KM5dIy3LZrpgqTSihRN6UuNyY:xezYAn/KvclFrprSwwN
Behavioral task
behavioral1
Sample
SolaraBootstrapper.exe
Resource
win7-20240611-en
Malware Config
Targets
- Target: SolaraBootstrapper.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger