Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Solara.exe

windows11-21h2-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Solara.exe

  • Size

    2.8MB

  • Sample

    250210-xmm38sslbs

  • MD5

    81d5f68b29a52cc6b377efeda2dba50e

  • SHA1

    6ed4ee24fe54795277c91b9b89caae9acc1aa7ac

  • SHA256

    152b7fd3a13aa795e5595624ab38482b67054ac00fa4a44642584d6f87f53b56

  • SHA512

    41cc179a805c5a8781b410e75fa4052c2a845b48a34441832acf9995e486323cb5fbd9d5af9410753a51e1efadf64c77e577b5e579fbfbee90ac64f3405acfb4

  • SSDEEP

    49152:kDjlabwz9SxZCoaKzEtNv0pS5A2yP3t8YXQc7ZEtySwZ3bFwbWvmkBdz4iiDm738:0qwAGoaYELcEByP3S29WyHZ3bFGqRK

Score
10/10
discordratdefense_evasiondiscoveryexecutionpersistenceratrootkitstealerthemidatrojan

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxOTM1MTE1MDM2OTE4MTc4Ng.GhTORv.7TYxVVKGyzEoJDzqxZxw3WiemuXUrw_-lNIJk8

  • server_id

    1313127388531523726

Targets

    • Target

      Solara.exe

    • Size

      2.8MB

    • MD5

      81d5f68b29a52cc6b377efeda2dba50e

    • SHA1

      6ed4ee24fe54795277c91b9b89caae9acc1aa7ac

    • SHA256

      152b7fd3a13aa795e5595624ab38482b67054ac00fa4a44642584d6f87f53b56

    • SHA512

      41cc179a805c5a8781b410e75fa4052c2a845b48a34441832acf9995e486323cb5fbd9d5af9410753a51e1efadf64c77e577b5e579fbfbee90ac64f3405acfb4

    • SSDEEP

      49152:kDjlabwz9SxZCoaKzEtNv0pS5A2yP3t8YXQc7ZEtySwZ3bFwbWvmkBdz4iiDm738:0qwAGoaYELcEByP3S29WyHZ3bFGqRK

    Score
    10/10
    discordratdefense_evasiondiscoveryexecutionpersistenceratrootkitstealerthemidatrojan

    • Discord RAT

      A RAT written in C# using Discord as a C2.

      stealerrootkitratpersistencediscordrat

    • Discordrat family

      discordrat

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      defense_evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks