Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SolaraBootstrapper.exe
-
Size
715KB
-
Sample
240710-pm43raxgkp
-
MD5
f76e6a62661fdf7181a0072479b2f7c7
-
SHA1
bd4995f5d5d39931cec7bdf7872c89ca1c98b5d0
-
SHA256
f74f54580d6be2be3245755cd960e61a29f0b0766e3eec827cb2909d6c768801
-
SHA512
526e948cffaacaa6caa9313d28bdf8b726a40d863a6b6021482497b7c121ed830141cdcc3128d08122d9e50ab39fc4a0ff6475640ea0790c3b099ed829f310b9
-
SSDEEP
12288:gPwNKpOkwyszkgmBaPeMpAqrepwBWP3pwdDT6ulrGQ+Sf4JRZbsGOsyr4Fzi5:gPwAkkEzkgyaPhKpNPSDT6ulGtR6eFz
Static task
static1
Behavioral task
behavioral1
Sample
SolaraBootstrapper.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
SolaraBootstrapper.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
SolaraBootstrapper.exe
-
Size
715KB
-
MD5
f76e6a62661fdf7181a0072479b2f7c7
-
SHA1
bd4995f5d5d39931cec7bdf7872c89ca1c98b5d0
-
SHA256
f74f54580d6be2be3245755cd960e61a29f0b0766e3eec827cb2909d6c768801
-
SHA512
526e948cffaacaa6caa9313d28bdf8b726a40d863a6b6021482497b7c121ed830141cdcc3128d08122d9e50ab39fc4a0ff6475640ea0790c3b099ed829f310b9
-
SSDEEP
12288:gPwNKpOkwyszkgmBaPeMpAqrepwBWP3pwdDT6ulrGQ+Sf4JRZbsGOsyr4Fzi5:gPwAkkEzkgyaPhKpNPSDT6ulGtR6eFz
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
BITS Jobs
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1