Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
137s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
20/09/2024, 17:25
Behavioral task
behavioral1
Sample
Solara.exe
Resource
win10v2004-20240802-en
General
-
Target
Solara.exe
-
Size
78KB
-
MD5
13438d39f46bb3aa301c3841ece7ebb2
-
SHA1
73df2ebdfc99630055ac30fe4ad1c716df8b94e8
-
SHA256
52de440336e507aa5f83da2891db30fec93b9ca8938f94f4230d6edc28c34196
-
SHA512
af5ca9e6d20bcfd1e46b6b5c528a40a46a7ebb91a05ce47e374d62ebd848aaec80e913cec0b530289c557f2fd5cd552d2f6298535a85e9701c83b02d2b20988a
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+kPIC:5Zv5PDwbjNrmAE+4IC
Malware Config
Extracted
discordrat
-
discord_token
MTI4MjAzOTg1NjcyMTI5NzQwOA.G8Jemc.2Yo596vgm4EHrrszWksvp4dTlfBVdqyG77PAmg
-
server_id
1127201631080030318
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
flow ioc 57 discord.com 61 discord.com 62 discord.com 10 discord.com 11 discord.com 20 discord.com 53 raw.githubusercontent.com 54 raw.githubusercontent.com 55 discord.com 56 discord.com 60 raw.githubusercontent.com -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 5004 Solara.exe