General

  • Target

    57ea66a57f97ecee958cca1c7379025750c23ba98ea6dcfaae17fc5f64c9d1c5

  • Size

    917KB

  • Sample

    231122-lx8bdacb8z

  • MD5

    51a72cba85e56e68571f1737a3867248

  • SHA1

    cd1343921939fb80ba0cc335f6a96e9c25f7f8a4

  • SHA256

    57ea66a57f97ecee958cca1c7379025750c23ba98ea6dcfaae17fc5f64c9d1c5

  • SHA512

    605bb27e929b9a13b697fa6edd7470339e81c6323512d329809c64930f2f2b9f2572c0f7f65d030c9fe04b9135cc286b8b15c02686fea09738a975f4d62afc5a

  • SSDEEP

    12288:WLshChMwzLdh+fF7dG1lFlWcYT70pxnnaaoawhmm6vgWrJprZNrI0AilFEvxHvB0:mLc4MROxnF664GprZlI0AilFEvxHit1

Malware Config

Extracted

Family

orcus

C2

s7vety-64001.portmap.io:64001

Mutex

8f9ad032680b48e4921e3dead6b0b2ce

Attributes

  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %appdata%\Java\javaUpdate.exe

  • reconnect_delay

    10000

  • registry_keyname

    JavaUpate

  • taskscheduler_taskname

    JavaUpate

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Target

      57ea66a57f97ecee958cca1c7379025750c23ba98ea6dcfaae17fc5f64c9d1c5

    • Size

      917KB

    • MD5

      51a72cba85e56e68571f1737a3867248

    • SHA1

      cd1343921939fb80ba0cc335f6a96e9c25f7f8a4

    • SHA256

      57ea66a57f97ecee958cca1c7379025750c23ba98ea6dcfaae17fc5f64c9d1c5

    • SHA512

      605bb27e929b9a13b697fa6edd7470339e81c6323512d329809c64930f2f2b9f2572c0f7f65d030c9fe04b9135cc286b8b15c02686fea09738a975f4d62afc5a

    • SSDEEP

      12288:WLshChMwzLdh+fF7dG1lFlWcYT70pxnnaaoawhmm6vgWrJprZNrI0AilFEvxHvB0:mLc4MROxnF664GprZlI0AilFEvxHit1

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcus main payload

    • Orcus RAT Executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks