Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

boostrapper.exe

windows7-x64

7

boostrapper.exe

windows10-2004-x64

9

builder.py

windows7-x64

3

builder.py

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    solara.zip

  • Size

    115.2MB

  • Sample

    250322-m5ppns1zcy

  • MD5

    5c73791cc6f471568fa45078d267c09c

  • SHA1

    538a92d8ce43db6046ea4f6e1fcfde826a53b6e0

  • SHA256

    b2996c6d10e025cd4f31d3a4626d286807576df292eee40068109949370245c0

  • SHA512

    8a25969b9504db67d39350efadad45af83b65db9d5ef3b8b7376262a47f504092a7ae9675a8bb3de4895a739d98e9a691cc83788471b31c97f2980a0739a63cd

  • SSDEEP

    3145728:ZxDfCK12b+FkX18D6JXyXp1+gWYHNdpi6TjJ9w:ZpfoSS1c6KigdtT1Ju

Score
10/10
pysilondefense_evasiondiscoveryexecutionpersistencepyinstallerspywarestealer

Malware Config

Targets

    • Target

      boostrapper.exe

    • Size

      116.0MB

    • MD5

      7a7f7fc21e7b7c47ee087de193b04166

    • SHA1

      c99470d7a73b39a87afeaa5f7af3b7d8435d4cb0

    • SHA256

      469466b8553630eab666dc5216e63074d4eac09eb8c4fe3caa15041c3a75dde2

    • SHA512

      f89ab484f10af216be0193ed2b02810c7671911a2f5e1912c261b7a32b7f99e7b748ec0ec734d6c5594b294159d867437d8cba138f45ac16903d88fe5bc6b76e

    • SSDEEP

      3145728:Gc6lSZeibJjz9wHE8/2qHO5iTponG0iWMstB2OxRuD1:l6lk1Zw/NHCiVeieBw

    Score
    9/10
    defense_evasionexecutionpersistencespywarestealer

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      defense_evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      builder.py

    • Size

      34B

    • MD5

      abaa9ea67cc53bc0205f56d0b66a22c3

    • SHA1

      c28f2d35d0d12a3486489823cf74f0bf7f8b07b2

    • SHA256

      99a23164675b43566e8c3ddaba774c973844e70d5cec1dbbfd6860b24f13a94e

    • SHA512

      bb425d71279e0d3daee6e8a1e765ad2821d4c30609b66853277c4e8332525eb70f09ed3fb12301d0360b04141561a956ba666e29c1f892372a8224801e392a71

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

1
T1112

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

File and Directory Discovery

1
T1083

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks