
General

  • Target: Solara3.0s.bat
  • Size: 469KB
  • MD5: 500c4ff8fb80ff1c08cab8be818684e8
  • SHA1: 453e94f6fd5169db23542d6e5f499ad97c4f0a27
  • SHA256: d4fa3fd5ff1a87d0383b763fac6a59080ec20c2f42dede8cf7f67057f3b4363a
  • SHA512: be16223139dc2c5024512d38dd12b87785025e90d7fafd332bffdd231aedfeb17872e2ead150153684667e8f7cc009556e62efd9661da636ed4e47b10446053f
  • SSDEEP: 12288:Wmnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSa/n9:uiLJbpI7I2WhQqZ7a/9

Score: 10/10

Malware Config

Extracted

Family: remcos

Botnet: RemoteHost

C2:
  • accessories-retrieve.gl.at.ply.gg:13970
  • 192.168.1.56:13970

Attributes
  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: Solara2.exe
  • copy_folder: Health
  • delete_file: true
  • hide_file: true
  • hide_keylog_file: true
  • install_flag: true
  • install_path: %WinDir%\System32
  • keylog_crypt: true
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: filer32
  • keylog_path: %WinDir%\System32
  • mouse_option: false
  • mutex: Rmc-T13IHS
  • screenshot_crypt: true
  • screenshot_flag: true
  • screenshot_folder: Screenshots
  • screenshot_path: %WinDir%\System32
  • screenshot_time: 10
  • startup_value: WindowsHealth
  • take_screenshot_option: false
  • take_screenshot_time: 5

Signatures

  • Remcos family
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • Solara3.0s.bat
    Type: .exe windows:5 windows x86 arch:x86
    MD5: 5d354883fe6f15fcf48045037a99fb7a
