General

  • Target

    Solara3.0s.exe

  • Size

    469KB

  • MD5

    1f532632777673e522d5c17cd4aed0c0

  • SHA1

    707964883b3168810be0f977e54c7db09fed3668

  • SHA256

    e63b5f8bfd7ef1d06b57fef57e2704592b003a653d132844abf776e2e0752181

  • SHA512

    f5772edfe378b1f283d449c515dc8d36609a017745b8395968681efc1de7e0a3b9fc0c69b193b15c39ea44b9f1163355861fa5000e2fb1ab3734dc20250576ce

  • SSDEEP

    12288:umnk7iLJbpIpiRL6I2WhSKQ9ZsfZQS2n9:WiLJbpI7I2WhQqZ729

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

accessories-retrieve.gl.at.ply.gg:13970

accessories-retrieve.gl.at.ply.gg:9999

(ply.gg hostnames belong to the playit.gg tunnelling service; the operator's real server sits behind the tunnel, so the actionable network indicator is the full hostname together with each configured port, not the ply.gg domain on its own.)

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    Solara2.exe

  • copy_folder

    Health

  • delete_file

    true

  • hide_file

    true

  • hide_keylog_file

    true

  • install_flag

    true

  • install_path

    %WinDir%\System32

  • keylog_crypt

    true

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    filer32

  • keylog_path

    %WinDir%\System32

  • mouse_option

    false

  • mutex

    Rmc-X97XC1

  • screenshot_crypt

    true

  • screenshot_flag

    true

  • screenshot_folder

    Screenshots

  • screenshot_path

    %WinDir%\System32

  • screenshot_time

    10

  • startup_value

    WindowsHealth

  • take_screenshot_option

    false

  • take_screenshot_time

    5
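The attributes above are enough to predict what this sample should leave on a host once it runs. The script below is an added example, not part of the sandbox report or of Remcos itself: it takes the extracted configuration values from this page, derives concrete file, mutex, registry and network indicators from them, and matches a handful of constructed sandbox events against those indicators. It assumes the usual Remcos layout of install_path\copy_folder\copy_file for the dropped copy and keylog_path\keylog_folder\keylog_file for the keylog, that startup_value is the name of a Run-key entry, and that %WinDir% expands to C:\Windows; the sample events (SAMPLE_EVENTS) are constructed for illustration.

```python
"""Derive host and network indicators from an extracted Remcos config.

Added example, not code from the report. Assumptions (not stated on the page):
  - dropped copy lands at <install_path>\<copy_folder>\<copy_file>
  - keylog lands at <keylog_path>\<keylog_folder>\<keylog_file>
  - startup_value is the value name of a Run-key persistence entry
  - %WinDir% expands to C:\\Windows on the victim
"""
import re

WINDIR = "C:\\Windows"  # assumed expansion of %WinDir%
RUN_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"  # assumed location

# Configuration values copied from the report (only the fields used here).
CONFIG = {
    "c2": [
        "accessories-retrieve.gl.at.ply.gg:13970",
        "accessories-retrieve.gl.at.ply.gg:9999",
    ],
    "install_path": "%WinDir%\\System32",
    "copy_folder": "Health",
    "copy_file": "Solara2.exe",
    "keylog_path": "%WinDir%\\System32",
    "keylog_folder": "filer32",
    "keylog_file": "logs.dat",
    "keylog_flag": False,
    "screenshot_path": "%WinDir%\\System32",
    "screenshot_folder": "Screenshots",
    "mutex": "Rmc-X97XC1",
    "startup_value": "WindowsHealth",
}


def expand_windir(path: str) -> str:
    """Expand %WinDir% case-insensitively; a lambda avoids backslash escapes in the replacement."""
    return re.sub(r"%windir%", lambda _m: WINDIR, path, flags=re.IGNORECASE)


def derive_indicators(cfg: dict) -> dict:
    """Turn the config fields into concrete indicators a hunt or detection can use."""
    c2 = []
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")   # host may itself contain no colon
        c2.append((host.lower(), int(port)))
    return {
        "payload_path": "\\".join([expand_windir(cfg["install_path"]), cfg["copy_folder"], cfg["copy_file"]]),
        "keylog_path": "\\".join([expand_windir(cfg["keylog_path"]), cfg["keylog_folder"], cfg["keylog_file"]]),
        "keylog_enabled": bool(cfg["keylog_flag"]),   # false in this config: a keylog write would be unexpected
        "screenshot_dir": "\\".join([expand_windir(cfg["screenshot_path"]), cfg["screenshot_folder"]]),
        "mutex": cfg["mutex"],
        "run_key": RUN_KEY,
        "run_value": cfg["startup_value"],
        "c2": c2,
    }


def match_events(ind: dict, events: list) -> list:
    """Return (indicator_name, event) pairs for events that hit a derived indicator."""
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            p = ev["path"].lower()
            if p == ind["payload_path"].lower():
                hits.append(("payload_path", ev))
            elif p == ind["keylog_path"].lower():
                hits.append(("keylog_path", ev))
            elif p.startswith(ind["screenshot_dir"].lower() + "\\"):
                hits.append(("screenshot_dir", ev))
        elif kind == "mutex" and ev["name"] == ind["mutex"]:
            hits.append(("mutex", ev))
        elif (kind == "registry_set"
              and ev["key"].lower() == ind["run_key"].lower()
              and ev["value"].lower() == ind["run_value"].lower()):
            hits.append(("run_value", ev))
        elif kind == "network" and (ev["dst"].lower(), ev["port"]) in ind["c2"]:
            hits.append(("c2", ev))
    return hits


# Constructed sandbox events, not taken from the report.
SAMPLE_EVENTS = [
    {"type": "file_write", "path": "C:\\Windows\\System32\\Health\\Solara2.exe"},
    {"type": "mutex", "name": "Rmc-X97XC1"},
    {"type": "registry_set", "key": RUN_KEY, "value": "WindowsHealth"},
    {"type": "network", "dst": "accessories-retrieve.gl.at.ply.gg", "port": 13970},
    {"type": "file_write", "path": "C:\\Windows\\System32\\Screenshots\\0001.jpg"},
    {"type": "network", "dst": "accessories-retrieve.gl.at.ply.gg", "port": 443},  # not a configured C2 port
    {"type": "file_write", "path": "C:\\Windows\\System32\\drivers\\etc\\hosts"},  # unrelated write
]

if __name__ == "__main__":
    indicators = derive_indicators(CONFIG)
    for name, ev in match_events(indicators, SAMPLE_EVENTS):
        print(f"{name:15} {ev}")
```

Two things to keep in mind when using the derived paths: install_path, keylog_path and screenshot_path all point into %WinDir%\System32, which a standard user cannot write to, so the file indicators only materialise if the sample ran with administrative rights; and keylog_flag is false here, so a write to filer32\logs.dat would contradict the extracted config and deserve a second look rather than being taken as routine. The mutex and the hostname:port pairs do not depend on either assumption.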

Signatures

  • Remcos family
  • Unsigned PE (1 IoC)

    The executable carries no Authenticode signature.

Files

  • Solara3.0s.exe
    .exe windows:5 windows x86 arch:x86

    5d354883fe6f15fcf48045037a99fb7a

