General
- Target: e47046a967cbab7084fe8580bcec72cd951de7160da199a2c1a18dcc947508c7
- Size: 3.0MB
- Sample: 231125-be8t3sgc8t
- MD5: 1c636812112dacac8ce5849d166accc4
- SHA1: d9cb5a3ccedff8e22acb81b80be09c7c4bc6edbd
- SHA256: e47046a967cbab7084fe8580bcec72cd951de7160da199a2c1a18dcc947508c7
- SHA512: e830ebc6a5f2591a17e2bab767bc4a9ef7293a0454c7c2fe2ef5fa7bbabe108815b99d5a71e5c7f939c9d0fba4694d94d83d7b8b4a3c62fa2bbb7a048241e68b
- SSDEEP: 49152:sjpGlZKMPGgoT5LDRfzf6TLumC7ZWRmQAypQxbco9JnCmSFrDEI0AilFCvxHd:sjYi5T116TLglWRmvypSbco9JCm
Behavioral task: behavioral1
- Sample: e47046a967cbab7084fe8580bcec72cd951de7160da199a2c1a18dcc947508c7.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: e47046a967cbab7084fe8580bcec72cd951de7160da199a2c1a18dcc947508c7.exe
- Resource: win10v2004-20231023-en
Malware Config
Extracted
orcus
0.tcp.eu.ngrok.io:16021
322d5c9785794f5995f777c1629c1f4f
- autostart_method: Disable
- enable_keylogger: false
- install_path: %programfiles%\Android\Android.exe
- reconnect_delay: 10000
- registry_keyname: Android
- taskscheduler_taskname: Android
- watchdog_path: AppData\AndroidWatchdog.exe
Targets
- Target: e47046a967cbab7084fe8580bcec72cd951de7160da199a2c1a18dcc947508c7
- Size: 3.0MB
- MD5: 1c636812112dacac8ce5849d166accc4
- SHA1: d9cb5a3ccedff8e22acb81b80be09c7c4bc6edbd
- SHA256: e47046a967cbab7084fe8580bcec72cd951de7160da199a2c1a18dcc947508c7
- SHA512: e830ebc6a5f2591a17e2bab767bc4a9ef7293a0454c7c2fe2ef5fa7bbabe108815b99d5a71e5c7f939c9d0fba4694d94d83d7b8b4a3c62fa2bbb7a048241e68b
- SSDEEP: 49152:sjpGlZKMPGgoT5LDRfzf6TLumC7ZWRmQAypQxbco9JnCmSFrDEI0AilFCvxHd:sjYi5T116TLglWRmvypSbco9JCm
- Orcus main payload
- Orcurs Rat Executable
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2