General
-
Target
SolaraBoostrapper.exe
-
Size
46KB
-
Sample
240707-wr5y6swdpj
-
MD5
b70eccec2079ce0b1ef1a1701349f387
-
SHA1
0f7a61968c427a8cd78ff161c908a2e8f4ae6138
-
SHA256
6491cb2ff9451e79f5ba5a621165c68b12ed8a170dcbbcec1c5b188986f04e27
-
SHA512
cc9d137e587498fdb96437dc0d919e6bb1c0131e594d99dcafb063a28bc40cca9958a99b45f4f62bb7b6b20049ec25ba747e59f9816ccd2d643ccfdc04255c6a
-
SSDEEP
768:0dhO/poiiUcjlJInwHqH9Xqk5nWEZ5SbTDaSWI7CPW5j:Ow+jjgnHH9XqcnW85SbTTWIb
Behavioral task
behavioral1
Sample
SolaraBoostrapper.exe
Resource
win7-20240705-en
Malware Config
Extracted
xenorat
192.168.56.1
Xeno_rat_nd8912d
-
delay
5000
-
install_path
appdata
-
port
4444
-
startup_name
Windows Defender
Targets
-
-
Target
SolaraBoostrapper.exe
-
Size
46KB
-
MD5
b70eccec2079ce0b1ef1a1701349f387
-
SHA1
0f7a61968c427a8cd78ff161c908a2e8f4ae6138
-
SHA256
6491cb2ff9451e79f5ba5a621165c68b12ed8a170dcbbcec1c5b188986f04e27
-
SHA512
cc9d137e587498fdb96437dc0d919e6bb1c0131e594d99dcafb063a28bc40cca9958a99b45f4f62bb7b6b20049ec25ba747e59f9816ccd2d643ccfdc04255c6a
-
SSDEEP
768:0dhO/poiiUcjlJInwHqH9Xqk5nWEZ5SbTDaSWI7CPW5j:Ow+jjgnHH9XqcnW85SbTTWIb
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-