
General

  • Target: ea6954c8f14e38dbc3a7872976286c03f2ca10d57a0e1a068e0950f41c9af1f1
  • Size: 914KB
  • Sample: 231126-cjx4taee8s
  • MD5: 3e28bb56746947a854d251d3a4ea8d05
  • SHA1: 92d12c7f8e00209dc0a9aee0c62b72ccb2be7ed9
  • SHA256: ea6954c8f14e38dbc3a7872976286c03f2ca10d57a0e1a068e0950f41c9af1f1
  • SHA512: 22a5771c6fec57ad882e1d49edf8fd8067f57a14b50d5e622f59c1487ac9d88c1745357b8e0ecf0c9f19c468b5681826cd7c3f6962c5a7036635e0d27856a66f
  • SSDEEP: 24576:b1X4MROxnFHOVrrcI0AilFEvxHPfPBoow:b+MiJ8rrcI0AilFEvxHPfP

Malware Config

Extracted

  • Family: orcus
  • Botnet: X Primera
  • C2: 127.0.0.1:10134
  • Mutex: 31f82132f04b4e47807554b12459c41a

Attributes

  • autostart_method: Disable
  • enable_keylogger: true
  • install_path: %programfiles%\Orcus\Orcus.exe
  • reconnect_delay: 10000
  • registry_keyname: Orcus
  • taskscheduler_taskname: Orcus
  • watchdog_path: AppData\OrcusWatchdog.exe

Targets

    • Orcus

      Orcus is a Remote Access Trojan sold on underground forums.

    • Orcus RAT Executable
