ac10a3ae90d450832300d24624ea8bd49c6ecff1de3539b793f6472f76d021fd | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

SolaraBoot...er.exe

windows7-x64

9

SolaraBoot...er.exe

windows10-2004-x64

9

Sharing

General

Target

SolaraBootstrapper.exe
Size

2.6MB
Sample

240701-vsvzxstdrn
MD5

9e43cdfc9923cc453111634a65f04691
SHA1

e3f73d7e5cd4e557ac755558ad539c6d2a5547b0
SHA256

ac10a3ae90d450832300d24624ea8bd49c6ecff1de3539b793f6472f76d021fd
SHA512

068ec0a085c8229e4fba4d4b5437a20fe82704c93ad7511e8f0cc0f21190d8af938891fb253a23a59ef567288f30bc63f1526b08e92017ca97ebea3341a74eba
SSDEEP

49152:xLpTsEQQEQ5pc0BK/sXJS3KM5dIy3LZrpgqTSihRN6UuNyY:xezYAn/KvclFrprSwwN

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

SolaraBootstrapper.exe

Resource

win7-20240611-en

evasion themida trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

SolaraBootstrapper.exe

Resource

win10v2004-20240508-en

evasion themida trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  SolaraBootstrapper.exe
- Size
  
  2.6MB
- MD5
  
  9e43cdfc9923cc453111634a65f04691
- SHA1
  
  e3f73d7e5cd4e557ac755558ad539c6d2a5547b0
- SHA256
  
  ac10a3ae90d450832300d24624ea8bd49c6ecff1de3539b793f6472f76d021fd
- SHA512
  
  068ec0a085c8229e4fba4d4b5437a20fe82704c93ad7511e8f0cc0f21190d8af938891fb253a23a59ef567288f30bc63f1526b08e92017ca97ebea3341a74eba
- SSDEEP
  
  49152:xLpTsEQQEQ5pc0BK/sXJS3KM5dIy3LZrpgqTSihRN6UuNyY:xezYAn/KvclFrprSwwN
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2025

Terms | Privacy