General
Target: SolaraB.zip
Size: 335KB
Sample: 240927-ymdp8sygla
MD5: 2d68c0db76ecfbbba956d00f8e145218
SHA1: a733f64e32cc4d2db0428c0cfb5d1cfef84adf7b
SHA256: 41e2ca41f9d830720be3d35256603ac69455745e0554e84e7be9d4d880ac3332
SHA512: 850cf8d7570c0d3672f3bfab8740ac9ae8236f236524e9a064d69f2eb440eee1146c96478afd49f2262083d54e93c3bb484e5b833a2dffefc646a99cee9e8d41
SSDEEP: 6144:1cv0dmbJ7tFimFAuz86QZ1evD6SGwk06OIijv21LhRaOkLi0SyJB/Vht:1e0diZsMRBsYD6B0rI71Lh5ku0XB/Vht
Static task: static1
Behavioral task: behavioral1
  Sample: SolaraB.zip
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: SolaraB.zip
  Resource: win10v2004-20240802-en
Behavioral task: behavioral3
  Sample: SolaraB/BootstrapperV1.19.exe
  Resource: win7-20240903-en
Behavioral task: behavioral4
  Sample: SolaraB/BootstrapperV1.19.exe
  Resource: win10v2004-20240802-en
Behavioral task: behavioral5
  Sample: SolaraB/DISCORD
  Resource: win7-20240903-en
Behavioral task: behavioral6
  Sample: SolaraB/DISCORD
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: SolaraB.zip
Score: 1/10
Target: SolaraB/BootstrapperV1.19.exe
Size: 972KB
MD5: 90fd25ced85fe6db28d21ae7d1f02e2c
SHA1: e27eff4cd4d383f5c564cce2bd1aaa2ffe4ec056
SHA256: 97572bd57b08b59744e4dfe6f93fb96be4002dfe1aa78683771725401776464f
SHA512: 1c775cf8dfde037eaa98eb14088c70d74923f0f6a83030a71f2f4c1a4453f6154dab7a4aa175e429860badda3e5e0ae226f3c3e8171332f5962bf36f8aa073fa
SSDEEP: 24576:DIbp4sZotkNjFC/4qxp+k+kPFoHZvPrSMc:cvotkNjg/lhqZvG
Score: 7/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
Target: SolaraB/DISCORD
Size: 103B
MD5: 487ab53955a5ea101720115f32237a45
SHA1: c59d22f8bc8005694505addef88f7968c8d393d3
SHA256: d64354a111fd859a08552f6738fecd8c5594475e8c03bb37546812a205d0d368
SHA512: 468689d98645c9f32813d833a07bbcf96fe0de4593f4f4dc6757501fbce8e9951d21a8aa4a7050a87a904d203f521134328d426d4e6ab9f20e7e759769003b7c
Score: 1/10