
v2.5.1

Latest

@Pnwcomputers Pnwcomputers released this 10 Jun 23:03
· 16 commits to main since this release
156232c

JWrapper ScreenConnect RAT Remediation Toolkit v2.5.1

v2.5.1: Advanced Registry Purge & Relay Sinkholing

Description:

This release significantly expands the toolkit's capability to detect and eradicate deep-seated registry persistence and block active campaign relay infrastructure.

What's New:

  • SideBySide Cache Purge: Added logic to dynamically scan and purge ScreenConnect artifacts hiding deep within the HKEY_USERS SideBySide/ClickOnce deployment registry cache.
  • Tracing & Event Log Cleanup: Scans and removes ControlSet001 EventLog entries and WOW6432Node\Microsoft\Tracing artifacts left behind by malicious ScreenConnect executions.
  • Targeted Relay Sinkholing: Automatically adds Windows Hosts file blocks for known malicious ScreenConnect relay domains (instance-fc5xev-relay.screenconnect.com, instance-sis2tc-relay.screenconnect.com) to prevent re-infection or beaconing.
  • Legitimate Software Whitelisting: Specifically excludes known, valid Line-of-Business applications (e.g., Furniture Wizard) from being flagged or blocked by the remediation sweeps.
  • Enhanced Memory Detection: system_check.ps1 now cross-references running ScreenConnect command lines against known malicious relay identifiers to detect active, memory-resident staging.
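
The relay sinkholing and the command-line cross-reference described above, written out as an added PowerShell example (this is not code from the toolkit or its system_check.ps1). It uses the two relay domains named in this release; the instance identifiers (fc5xev, sis2tc) are derived from those domains. The hosts file path, backup naming, the 0.0.0.0 sink address and the output shape are assumptions of the example. Run it from an elevated PowerShell session; -WhatIf previews the hosts-file change without writing it.

```powershell
<#
Added example, not part of the JWrapper ScreenConnect RAT Remediation Toolkit.
Sinkholes the relay domains from the release notes via the hosts file and
cross-references running process command lines against the relay identifiers.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    # Relay domains as listed in the v2.5.1 release notes.
    [string[]]$RelayHosts = @(
        'instance-fc5xev-relay.screenconnect.com',
        'instance-sis2tc-relay.screenconnect.com'
    ),
    # Assumed default location; override if SystemRoot is non-standard.
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
)

# Instance identifiers (e.g. "fc5xev") derived from the domain list, so the
# hosts sinkhole and the process check can never drift out of sync.
$RelayIds = $RelayHosts | ForEach-Object { ($_ -split '-')[1] }

function Add-HostsSinkhole {
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$Names, [string]$Path)

    # Back up first: a malformed hosts file breaks name resolution host-wide.
    $backup = "$Path.bak-$(Get-Date -Format 'yyyyMMddHHmmss')"
    Copy-Item -LiteralPath $Path -Destination $backup -Force

    $existing = Get-Content -LiteralPath $Path -ErrorAction Stop
    $added = @(foreach ($name in $Names) {
        # Idempotent: skip names already mapped on a non-comment line.
        $pattern = "^\s*[^#\s]\S*\s+$([regex]::Escape($name))(\s|$)"
        if ($existing -match $pattern) { continue }
        "0.0.0.0 $name"
    })

    if ($added.Count -gt 0 -and
        $PSCmdlet.ShouldProcess($Path, "append $($added.Count) sinkhole entries")) {
        Add-Content -LiteralPath $Path -Value (@('', '# ScreenConnect relay sinkhole') + $added)
        # Drop cached answers so the sinkhole applies to the next lookup.
        Clear-DnsClientCache
    }
    return $added
}

function Find-RelayProcess {
    param([string[]]$Ids)
    # Win32_Process exposes the full command line. The relay identifier is
    # matched there rather than on the image name, so a dropped or renamed
    # client binary with a live session is still caught.
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.CommandLine } |
        ForEach-Object {
            $cmd  = $_.CommandLine
            $hits = @($Ids | Where-Object { $cmd -match [regex]::Escape($_) })
            if ($hits.Count -gt 0) {
                [pscustomobject]@{
                    ProcessId   = $_.ProcessId
                    Name        = $_.Name
                    RelayId     = ($hits -join ',')
                    CommandLine = $cmd
                }
            }
        }
}

# Usage: block future resolution, then report anything already talking to a relay.
$blocked = Add-HostsSinkhole -Names $RelayHosts -Path $HostsPath
Write-Host "Hosts entries added: $($blocked.Count)"

$live = @(Find-RelayProcess -Ids $RelayIds)
if ($live.Count -gt 0) {
    Write-Warning 'Running process(es) reference a known malicious relay:'
    $live | Format-Table -AutoSize
    # A hosts entry does not tear down an established session; end the
    # process (Stop-Process -Id <ProcessId> -Force) as part of the sweep.
} else {
    Write-Host 'No running process references a known relay identifier.'
}
```

Two caveats worth keeping in mind when relying on this kind of sinkhole: a hosts-file entry only affects lookups that go through the local resolver by name, so a client that already holds an open relay connection, or one pointed at an IP address rather than a hostname, is not interrupted by it, which is why the process check and termination still matter. And because writes to the hosts file are a common tampering indicator, some endpoint protection products alert on or revert them; check that the entries actually persisted after the sweep.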

Full Changelog: v2.5.0...v2.5.1