General
Target: SolaraBootstrapper (2).exe
Size: 14.7MB
Sample: 240705-c933ratamc
MD5: 574d7b18b6ba272552b39ddfa54a60ca
SHA1: 8458ff8150611486a89a990f39a788eb1de94d01
SHA256: 347743a762f65cb091a86db4f85a2701a4888393e460b9cade5d537d1db21be1
SHA512: fc122163000f5bb027e34ba2c4020f622bb77c44b86d2abf7ad7ad4df84ab067c73dacb3319282fceff78b06ec0abff1b7b5fdfb1cbee9069e805911b9fced71
SSDEEP: 393216:Ya92bgIF5L1V8diurEUWjuzKnpEfOKSUuK+xh:j947RFdbu2npqS7K+/
Static task: static1
Behavioral task: behavioral1
Sample: SolaraBootstrapper (2).exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: SolaraBootstrapper (2).exe
Resource: win10v2004-20240704-en
Malware Config
Targets
Target: SolaraBootstrapper (2).exe
Score: 8/10
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Drops startup file
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Hide Artifacts: Hidden Files and Directories