General

  • Target

    SolaraBoostrapper.exe

  • Size

    46KB

  • Sample

    240707-wr5y6swdpj

  • MD5

    b70eccec2079ce0b1ef1a1701349f387

  • SHA1

    0f7a61968c427a8cd78ff161c908a2e8f4ae6138

  • SHA256

    6491cb2ff9451e79f5ba5a621165c68b12ed8a170dcbbcec1c5b188986f04e27

  • SHA512

    cc9d137e587498fdb96437dc0d919e6bb1c0131e594d99dcafb063a28bc40cca9958a99b45f4f62bb7b6b20049ec25ba747e59f9816ccd2d643ccfdc04255c6a

  • SSDEEP

    768:0dhO/poiiUcjlJInwHqH9Xqk5nWEZ5SbTDaSWI7CPW5j:Ow+jjgnHH9XqcnW85SbTTWIb

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

192.168.56.1

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4444

  • startup_name

    Windows Defender

Targets

    Score
    10/10
    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks