General

  • Target: SolaraB.zip
  • Size: 335KB
  • Sample: 240927-ymdp8sygla
  • MD5: 2d68c0db76ecfbbba956d00f8e145218
  • SHA1: a733f64e32cc4d2db0428c0cfb5d1cfef84adf7b
  • SHA256: 41e2ca41f9d830720be3d35256603ac69455745e0554e84e7be9d4d880ac3332
  • SHA512: 850cf8d7570c0d3672f3bfab8740ac9ae8236f236524e9a064d69f2eb440eee1146c96478afd49f2262083d54e93c3bb484e5b833a2dffefc646a99cee9e8d41
  • SSDEEP: 6144:1cv0dmbJ7tFimFAuz86QZ1evD6SGwk06OIijv21LhRaOkLi0SyJB/Vht:1e0diZsMRBsYD6B0rI71Lh5ku0XB/Vht

Score: 7/10

Malware Config

Targets

    • Target: SolaraB.zip
    • Size: 335KB
    • MD5: 2d68c0db76ecfbbba956d00f8e145218
    • SHA1: a733f64e32cc4d2db0428c0cfb5d1cfef84adf7b
    • SHA256: 41e2ca41f9d830720be3d35256603ac69455745e0554e84e7be9d4d880ac3332
    • SHA512: 850cf8d7570c0d3672f3bfab8740ac9ae8236f236524e9a064d69f2eb440eee1146c96478afd49f2262083d54e93c3bb484e5b833a2dffefc646a99cee9e8d41
    • SSDEEP: 6144:1cv0dmbJ7tFimFAuz86QZ1evD6SGwk06OIijv21LhRaOkLi0SyJB/Vht:1e0diZsMRBsYD6B0rI71Lh5ku0XB/Vht

    Score: 1/10

    • Target: SolaraB/BootstrapperV1.19.exe
    • Size: 972KB
    • MD5: 90fd25ced85fe6db28d21ae7d1f02e2c
    • SHA1: e27eff4cd4d383f5c564cce2bd1aaa2ffe4ec056
    • SHA256: 97572bd57b08b59744e4dfe6f93fb96be4002dfe1aa78683771725401776464f
    • SHA512: 1c775cf8dfde037eaa98eb14088c70d74923f0f6a83030a71f2f4c1a4453f6154dab7a4aa175e429860badda3e5e0ae226f3c3e8171332f5962bf36f8aa073fa
    • SSDEEP: 24576:DIbp4sZotkNjFC/4qxp+k+kPFoHZvPrSMc:cvotkNjg/lhqZvG

    Score: 7/10

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL
    • Blocklisted process makes network request
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Legitimate hosting services abused for malware hosting/C2

    • Target: SolaraB/DISCORD
    • Size: 103B
    • MD5: 487ab53955a5ea101720115f32237a45
    • SHA1: c59d22f8bc8005694505addef88f7968c8d393d3
    • SHA256: d64354a111fd859a08552f6738fecd8c5594475e8c03bb37546812a205d0d368
    • SHA512: 468689d98645c9f32813d833a07bbcf96fe0de4593f4f4dc6757501fbce8e9951d21a8aa4a7050a87a904d203f521134328d426d4e6ab9f20e7e759769003b7c

    Score: 1/10
