Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Solara3.0s.bat

  • Size

    469KB

  • MD5

    500c4ff8fb80ff1c08cab8be818684e8

  • SHA1

    453e94f6fd5169db23542d6e5f499ad97c4f0a27

  • SHA256

    d4fa3fd5ff1a87d0383b763fac6a59080ec20c2f42dede8cf7f67057f3b4363a

  • SHA512

    be16223139dc2c5024512d38dd12b87785025e90d7fafd332bffdd231aedfeb17872e2ead150153684667e8f7cc009556e62efd9661da636ed4e47b10446053f

  • SSDEEP

    12288:Wmnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSa/n9:uiLJbpI7I2WhQqZ7a/9

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

accessories-retrieve.gl.at.ply.gg:13970

192.168.1.56:13970

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    Solara2.exe

  • copy_folder

    Health

  • delete_file

    true

  • hide_file

    true

  • hide_keylog_file

    true

  • install_flag

    true

  • install_path

    %WinDir%\System32

  • keylog_crypt

    true

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    filer32

  • keylog_path

    %WinDir%\System32

  • mouse_option

    false

  • mutex

    Rmc-T13IHS

  • screenshot_crypt

    true

  • screenshot_flag

    true

  • screenshot_folder

    Screenshots

  • screenshot_path

    %WinDir%\System32

  • screenshot_time

    10

  • startup_value

    WindowsHealth

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Solara3.0s.bat
    .exe windows:5 windows x86 arch:x86

    5d354883fe6f15fcf48045037a99fb7a


    Headers

    Imports

    Sections