General

  • Target: 618f0338a084a116beca04ccf0f26bfacf0d18a5e4a87b0c3a5e98e2496a3c6a
  • Size: 3.0MB
  • Sample: 231123-b5zn4agb71
  • MD5: f557f8bf11aed65b38d4297ac2a2114f
  • SHA1: d05c626783b560ed631fc6b8f739803f050b9bbd
  • SHA256: 618f0338a084a116beca04ccf0f26bfacf0d18a5e4a87b0c3a5e98e2496a3c6a
  • SHA512: b6c04e815810d0ed6b40592fd863c370cf76c3fdf9d95d0794b598cc471820dca1280987d0f6c523ea577e56b00c526d66dae928179b31f5e5276351bd237d6d
  • SSDEEP: 49152:XGX87p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpKu/nRFfjI7L0qb:XLHTPJg8z1mKnypSbRxo9JCm

Malware Config

Extracted

  • Family: orcus
  • Botnet: Мои Мамонты
  • C2: 128.59.46.185:44657
  • Mutex: sudo_k2l0wpucmlkko7hurw2vps17u8hqsyf9

Attributes

  • autostart_method: Disable
  • enable_keylogger: false
  • install_path: %appdata%\windows\steamoverlay.exe
  • reconnect_delay: 10000
  • registry_keyname: Sudik
  • taskscheduler_taskname: sudik
  • watchdog_path: AppData\aga.exe

Targets

    • Target: 618f0338a084a116beca04ccf0f26bfacf0d18a5e4a87b0c3a5e98e2496a3c6a
    • Size: 3.0MB

    Score: 5/10

MITRE ATT&CK Enterprise v15

Tasks