General

  • Target

    SolaraBootstrapper1.0.exe

  • Size

    66.1MB

  • Sample

    240706-14r1asvakm

  • MD5

    5006fd02200a1deb0fd9239ac008648f

  • SHA1

    590478063fe6b1fb35eaf95d6c746ee9862bf170

  • SHA256

    87ec53dd9e90cc858b453e49fddecf56da7311e0e888cee70e3c6c67cdf8838b

  • SHA512

    e9531780fb0053c2e0a97d6bc0471955faa4b409bbb7adeea6205ced5885001cbc580cbea8fb5dba3c0fd60593eb8ef2587d5f4f23d56154847cd81e5006737b

  • SSDEEP

    1572864:7aR0LX5WJoWbgWRSgkNOXWxtQSNLiI/sOX6ywjRB4I:7aRuX5M3gbcKCm/nX3ub4I

Score
7/10

Malware Config

Targets

    • Target

      SolaraBootstrapper1.0.exe

    Score
    7/10

    • Drops startup file

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      HaterCollecter.pyc

    • Size

      57KB

    • MD5

      3e6b658da688b5e4538d96d1f3bba4a3

    • SHA1

      c005025e0f67d5385ba594ef0639af12b72c61b8

    • SHA256

      896e62a81fa894962f65ee18adde9da069936f133bc7f2e0ef7dc35ea5b473ca

    • SHA512

      769ca6f5c7664f6354cd988bfdd3f7f389a8c095a82990403e871efa61552088d4577f1d8ebf4ad0edbcbea9741a8449c9a47cd5f1b7f5dce61d5b8eb89ee4bc

    • SSDEEP

      768:v16L99lxW4Jv09D/rBNVNic7tFMGoVAugA7Lk/7mflDRBfMS6LkX:g34/rlscsAugAXkjIltBfELkX

    Score
    3/10
