General
Target: Solara.exe
Size: 2.8MB
Sample: 250210-xmm38sslbs
MD5: 81d5f68b29a52cc6b377efeda2dba50e
SHA1: 6ed4ee24fe54795277c91b9b89caae9acc1aa7ac
SHA256: 152b7fd3a13aa795e5595624ab38482b67054ac00fa4a44642584d6f87f53b56
SHA512: 41cc179a805c5a8781b410e75fa4052c2a845b48a34441832acf9995e486323cb5fbd9d5af9410753a51e1efadf64c77e577b5e579fbfbee90ac64f3405acfb4
SSDEEP: 49152:kDjlabwz9SxZCoaKzEtNv0pS5A2yP3t8YXQc7ZEtySwZ3bFwbWvmkBdz4iiDm738:0qwAGoaYELcEByP3S29WyHZ3bFGqRK

Static task: static1
Behavioral task: behavioral1
Sample: Solara.exe
Resource: win11-20250210-en

Malware Config
Extracted family: discordrat
discord_token: MTMxOTM1MTE1MDM2OTE4MTc4Ng.GhTORv.7TYxVVKGyzEoJDzqxZxw3WiemuXUrw_-lNIJk8
server_id: 1313127388531523726
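The extracted config above gives two pivots an analyst should record before anything else: the bot user behind the token and the guild (server) it reports to. The following is an added example, not part of the tria.ge report and not the sandbox's own extractor. It assumes two documented Discord properties: the first dot-separated segment of a token is the URL-safe base64 encoding of the bot user's snowflake ID, and a snowflake's upper 42 bits are a millisecond timestamp relative to the Discord epoch (2015-01-01T00:00:00Z). It uses only the values shown in the report and contacts nothing.

```python
"""Decode the Discord RAT configuration from the report into analyst pivots.

Added example, not part of the tria.ge report. Assumptions (standard Discord
behaviour, not taken from the report): the first token segment base64-encodes
the bot user ID, and snowflakes embed a creation timestamp in their upper bits.
"""
import base64
import datetime as dt

DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z, the Discord snowflake epoch

# Values copied verbatim from the report's "Malware Config" section.
EXTRACTED_CONFIG = {
    "discord_token": "MTMxOTM1MTE1MDM2OTE4MTc4Ng.GhTORv.7TYxVVKGyzEoJDzqxZxw3WiemuXUrw_-lNIJk8",
    "server_id": "1313127388531523726",
}


def token_user_id(token: str) -> int:
    """Return the bot user ID encoded in the first segment of a Discord token."""
    first = token.split(".", 1)[0]
    padded = first + "=" * (-len(first) % 4)  # tokens strip base64 padding; restore it
    return int(base64.urlsafe_b64decode(padded).decode("ascii"))


def snowflake_time(snowflake: int) -> dt.datetime:
    """Creation time embedded in a Discord snowflake (bits 22..63, ms since epoch)."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return dt.datetime.fromtimestamp(ms / 1000, tz=dt.timezone.utc)


def summarize(config: dict) -> dict:
    """Turn the raw extracted config into the fields an analyst would record."""
    bot_id = token_user_id(config["discord_token"])
    guild_id = int(config["server_id"])
    return {
        "bot_user_id": bot_id,
        "bot_created": snowflake_time(bot_id).isoformat(),
        "guild_id": guild_id,
        "guild_created": snowflake_time(guild_id).isoformat(),
        # Snowflakes are time-ordered, so this says whether the bot was created
        # after the guild it reports to (a bot made specifically for this C2 server).
        "bot_newer_than_guild": bot_id > guild_id,
    }


if __name__ == "__main__":
    for key, value in summarize(EXTRACTED_CONFIG).items():
        print(f"{key}: {value}")
```

The creation timestamps are useful for correlation (the bot and guild here both predate the 2025-02-10 submission by a few weeks) and the bot user ID is the stable identifier to block or report, since the token itself can be rotated by the operator.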
Targets
Target: Solara.exe (2.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures triggered by this target:
- Discordrat family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger (NtSetInformationThread with the ThreadHideFromDebugger class, an anti-debugging technique that detaches the calling thread from any attached debugger)
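The anti-analysis signatures above (VirtualBox ACPI values, BIOS strings, the UAC policy value, ThreadHideFromDebugger) all boil down to a few well-known registry paths and one native API argument. The following is an added example of how such detection logic can be expressed and run over an API trace; it is not tria.ge's signature engine, and the trace lines are constructed for illustration in the shape a user-mode API monitor would emit. Assumed facts, not taken from the report: VirtualBox exposes its firmware tables under HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__, BIOS vendor/product strings live under HARDWARE\DESCRIPTION\System\BIOS, EnableLUA under Policies\System is the UAC switch, and THREADINFOCLASS 0x11 is ThreadHideFromDebugger.

```python
"""Detection logic for the report's anti-analysis signatures, run over a
constructed API trace.

Added example, not the sandbox's own implementation. Registry paths and the
ThreadInformationClass value are standard Windows/VirtualBox facts.
"""
import re

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value passed to NtSetInformationThread

# Registry locations that matter mainly to code fingerprinting its host.
BIOS_KEY = re.compile(
    r"HARDWARE\\DESCRIPTION\\System\\BIOS\\"
    r"(SystemManufacturer|SystemProductName|BIOSVendor|BIOSVersion)", re.I)
VBOX_ACPI = re.compile(r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
UAC_POLICY = re.compile(r"Policies\\System\\EnableLUA$", re.I)


def registry_read(api: str, arg: str, pattern: re.Pattern) -> bool:
    """True when a registry API touched a path matching `pattern`."""
    return api.startswith(("Reg", "NtOpenKey", "NtQueryValueKey")) and pattern.search(arg) is not None


def hides_from_debugger(api: str, arg: str) -> bool:
    """NtSetInformationThread(..., ThreadHideFromDebugger, ...) detaches the thread from a debugger."""
    if api != "NtSetInformationThread":
        return False
    m = re.search(r"ThreadInformationClass=(0x[0-9a-f]+|\d+)", arg, re.I)
    if not m:
        return False
    value = m.group(1)
    info_class = int(value, 16) if value.lower().startswith("0x") else int(value)
    return info_class == THREAD_HIDE_FROM_DEBUGGER


# (signature name as it appears in the report, predicate over one trace entry)
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values", lambda a, x: registry_read(a, x, VBOX_ACPI)),
    ("Checks BIOS information in registry", lambda a, x: registry_read(a, x, BIOS_KEY)),
    ("Checks whether UAC is enabled", lambda a, x: registry_read(a, x, UAC_POLICY)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", hides_from_debugger),
]

# Constructed trace (api, argument): the kind of lines a monitor would log for
# the behaviours in the report, plus benign noise that must not match.
SAMPLE_TRACE = [
    ("RegOpenKeyExW", r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"),
    ("RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"),
    ("RegEnumKeyExW", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    ("RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"),
    ("NtSetInformationThread", "ThreadHandle=0xfffffffe ThreadInformationClass=0x11 Length=0"),
    ("NtSetInformationThread", "ThreadHandle=0xfffffffe ThreadInformationClass=0x0 Length=4"),
    ("NtClose", "Handle=0x1c4"),
]


def match_signatures(trace):
    """Map each triggered signature name to the trace entries that triggered it."""
    hits = {}
    for api, arg in trace:
        for name, predicate in SIGNATURES:
            if predicate(api, arg):
                hits.setdefault(name, []).append((api, arg))
    return hits


def anti_analysis_score(hits) -> int:
    """Number of distinct evasion techniques seen (VM fingerprint, BIOS check, debugger hiding)."""
    evasive = {
        "Identifies VirtualBox via ACPI registry values",
        "Checks BIOS information in registry",
        "Suspicious use of NtSetInformationThreadHideFromDebugger",
    }
    return len(evasive & set(hits))


if __name__ == "__main__":
    found = match_signatures(SAMPLE_TRACE)
    for name, entries in found.items():
        print(f"{name}: {len(entries)} hit(s)")
    print("anti-analysis score:", anti_analysis_score(found))
```

Note that opening the BIOS key alone is not scored; only reading the vendor/product values is, because legitimate software opens that key for harmless reasons while sandbox checks specifically compare the strings against known hypervisor vendors. Likewise a NtSetInformationThread call with any class other than 0x11 is ignored.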