General

  • Target: 2a009a3d4a00bac5a6dd98172322f8bd406918986049b462c39831d47de03336
  • Size: 3.0MB
  • Sample: 231122-l24hzsbf52
  • MD5: a2661b6b588c957b767e0f95d9d6a9a5
  • SHA1: 8f408bdb1fd389054d04efbdc4a4402d0de2da9b
  • SHA256: 2a009a3d4a00bac5a6dd98172322f8bd406918986049b462c39831d47de03336
  • SHA512: 3823d7c1a45adf1918fdc2338ff011eda67f8160c862c1b18412ed0918bc34f1b429de44472aa4ddf8989302c40e2cb812251bfb4f103fb6494edc29a1849a14
  • SSDEEP: 49152:oBpEKO3T5adZKM0sz5otCeEvsDKx+msbfGGW8wlBKJwAypQxbxEo9JnCmmKurZEu:oBptODUKTslWp2MpbfGGilIJPypSbxEk

Score: 10/10

Malware Config

Extracted

  • Family: orcus
  • C2: 192.168.0.13:3434
  • Mutex: 59f44000b96c403bb3a12774f6a5fff0

Attributes

  • autostart_method: Disable
  • enable_keylogger: false
  • install_path: %programfiles%\Orcus\Orcus.exe
  • reconnect_delay: 10000
  • registry_keyname: Orcus
  • taskscheduler_taskname: Orcus
  • watchdog_path: AppData\OrcusWatchdog.exe

Targets

    • Target: 2a009a3d4a00bac5a6dd98172322f8bd406918986049b462c39831d47de03336

    Score: 10/10

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
