General

  • Target

    84dfd4f825e9e390775a67be46b031104d0e9de35b691e035a0f2bd72a94ccf0

  • Size

    2.9MB

  • Sample

    231126-bd7wdseb61

  • MD5

    f8dcbbe48015b05c016c44b7afc02dc9

  • SHA1

    fdcba6cf13c2497a76ca574e83ceef815b39ee85

  • SHA256

    84dfd4f825e9e390775a67be46b031104d0e9de35b691e035a0f2bd72a94ccf0

  • SHA512

    1bac61cc51a237eed14b89e39e50b79d1f0d93db54916dd4db3c3454ae1943d83e8b92c83ae35e50481285c2cbe45e826005cf3def5848fe1374248f55dbecc3

  • SSDEEP

    49152:NN9Uotyp4/DtZeM9/Z4bydmdIM2yZ5fuAypQxbLo9JnCmbWncFf0I74gu3a2M:N7DypjEvmOnghypSbLo9JCm

Malware Config

Extracted

Family

orcus

C2

192.168.2.205:10134

Mutex

cbd57c64e39d4333b4bd663c2544e87f

Attributes

  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcurs Rat Executable
