General
Target: ea6954c8f14e38dbc3a7872976286c03f2ca10d57a0e1a068e0950f41c9af1f1
Size: 914KB
Sample: 231126-cjx4taee8s
MD5: 3e28bb56746947a854d251d3a4ea8d05
SHA1: 92d12c7f8e00209dc0a9aee0c62b72ccb2be7ed9
SHA256: ea6954c8f14e38dbc3a7872976286c03f2ca10d57a0e1a068e0950f41c9af1f1
SHA512: 22a5771c6fec57ad882e1d49edf8fd8067f57a14b50d5e622f59c1487ac9d88c1745357b8e0ecf0c9f19c468b5681826cd7c3f6962c5a7036635e0d27856a66f
SSDEEP: 24576:b1X4MROxnFHOVrrcI0AilFEvxHPfPBoow:b+MiJ8rrcI0AilFEvxHPfP
Behavioral task
behavioral1
Sample: ea6954c8f14e38dbc3a7872976286c03f2ca10d57a0e1a068e0950f41c9af1f1.exe
Resource: win7-20231020-en
Malware Config
Extracted
orcus
X Primera
127.0.0.1:10134
31f82132f04b4e47807554b12459c41a
autostart_method: Disable
enable_keylogger: true
install_path: %programfiles%\Orcus\Orcus.exe
reconnect_delay: 10000
registry_keyname: Orcus
taskscheduler_taskname: Orcus
watchdog_path: AppData\OrcusWatchdog.exe
Targets
Target: ea6954c8f14e38dbc3a7872976286c03f2ca10d57a0e1a068e0950f41c9af1f1
Orcurs Rat Executable