General
Target: SolaraBootStrapper.exe
Size: 76.5MB
Sample: 240702-lfdenswdka
MD5: 5ef2a856dd6c99d032f510111026d011
SHA1: aa35bfffbdd9df5923301579a9c9bf6ac6b32378
SHA256: a725b29b2fa7dbe3e0e409bc8cc5941e537bdb6889fdcc8b5d2da5868d241cb4
SHA512: e6d6abe3951eb4c2c84d7facec584c1a9cdeca5718472659f40694dac69a9028e124b23534963c21ee42ffe4e18ae07f860c4ef3e2bb7d4b586dbf9e192e35db
SSDEEP: 1572864:svHcRlWSk8IpG7V+VPhqYdfME7ZlH/iYweyJulZUdgu0WV7jIJgRqZ9U:svHcRcSkB05awcfvdQpuK0cnS9U
Behavioral task: behavioral1
Sample: SolaraBootStrapper.exe
Resource: win11-20240508-en
Malware Config
Targets
Score: 9/10
Enumerates VirtualBox DLL files
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application