Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
57ea66a57f97ecee958cca1c7379025750c23ba98ea6dcfaae17fc5f64c9d1c5
-
Size
917KB
-
Sample
231122-lx8bdacb8z
-
MD5
51a72cba85e56e68571f1737a3867248
-
SHA1
cd1343921939fb80ba0cc335f6a96e9c25f7f8a4
-
SHA256
57ea66a57f97ecee958cca1c7379025750c23ba98ea6dcfaae17fc5f64c9d1c5
-
SHA512
605bb27e929b9a13b697fa6edd7470339e81c6323512d329809c64930f2f2b9f2572c0f7f65d030c9fe04b9135cc286b8b15c02686fea09738a975f4d62afc5a
-
SSDEEP
12288:WLshChMwzLdh+fF7dG1lFlWcYT70pxnnaaoawhmm6vgWrJprZNrI0AilFEvxHvB0:mLc4MROxnF664GprZlI0AilFEvxHit1
Behavioral task
behavioral1
Sample
57ea66a57f97ecee958cca1c7379025750c23ba98ea6dcfaae17fc5f64c9d1c5.exe
Resource
win7-20231023-en
Malware Config
Extracted
orcus
s7vety-64001.portmap.io:64001
8f9ad032680b48e4921e3dead6b0b2ce
-
autostart_method
TaskScheduler
-
enable_keylogger
true
-
install_path
%appdata%\Java\javaUpdate.exe
-
reconnect_delay
10000
-
registry_keyname
JavaUpate
-
taskscheduler_taskname
JavaUpate
-
watchdog_path
AppData\OrcusWatchdog.exe
Targets
-
-
Target
57ea66a57f97ecee958cca1c7379025750c23ba98ea6dcfaae17fc5f64c9d1c5
-
Size
917KB
-
MD5
51a72cba85e56e68571f1737a3867248
-
SHA1
cd1343921939fb80ba0cc335f6a96e9c25f7f8a4
-
SHA256
57ea66a57f97ecee958cca1c7379025750c23ba98ea6dcfaae17fc5f64c9d1c5
-
SHA512
605bb27e929b9a13b697fa6edd7470339e81c6323512d329809c64930f2f2b9f2572c0f7f65d030c9fe04b9135cc286b8b15c02686fea09738a975f4d62afc5a
-
SSDEEP
12288:WLshChMwzLdh+fF7dG1lFlWcYT70pxnnaaoawhmm6vgWrJprZNrI0AilFEvxHvB0:mLc4MROxnF664GprZlI0AilFEvxHit1
-
Orcus main payload
-
Orcurs Rat Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-