General
-
Target
SolaraBootstrapper.exe
-
Size
2.6MB
-
Sample
240630-e8qgdatflg
-
MD5
9e43cdfc9923cc453111634a65f04691
-
SHA1
e3f73d7e5cd4e557ac755558ad539c6d2a5547b0
-
SHA256
ac10a3ae90d450832300d24624ea8bd49c6ecff1de3539b793f6472f76d021fd
-
SHA512
068ec0a085c8229e4fba4d4b5437a20fe82704c93ad7511e8f0cc0f21190d8af938891fb253a23a59ef567288f30bc63f1526b08e92017ca97ebea3341a74eba
-
SSDEEP
49152:xLpTsEQQEQ5pc0BK/sXJS3KM5dIy3LZrpgqTSihRN6UuNyY:xezYAn/KvclFrprSwwN
Malware Config
Targets
-
-
Target
SolaraBootstrapper.exe
-
Size
2.6MB
-
MD5
9e43cdfc9923cc453111634a65f04691
-
SHA1
e3f73d7e5cd4e557ac755558ad539c6d2a5547b0
-
SHA256
ac10a3ae90d450832300d24624ea8bd49c6ecff1de3539b793f6472f76d021fd
-
SHA512
068ec0a085c8229e4fba4d4b5437a20fe82704c93ad7511e8f0cc0f21190d8af938891fb253a23a59ef567288f30bc63f1526b08e92017ca97ebea3341a74eba
-
SSDEEP
49152:xLpTsEQQEQ5pc0BK/sXJS3KM5dIy3LZrpgqTSihRN6UuNyY:xezYAn/KvclFrprSwwN
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1