General

  • Target

    de107f166e3fa1c564284e76b005c21f62e4d01ceed69f42800e284cf565eb5a

  • Size

    3.0MB

  • MD5

    5ce8f14e43febd2d960983bbfa735ed4

  • SHA1

    d70d584f363db3ab171899dd1ec71fdf7640873f

  • SHA256

    de107f166e3fa1c564284e76b005c21f62e4d01ceed69f42800e284cf565eb5a

  • SHA512

    190b98ab186188b76f80c78effaf69a0e6d47c61305d0389ab0df287cffc1b82606aa59a5a70249fc30d0d67e7de88b948702f9c2a9988494bf17d5c1487fc59

  • SSDEEP

    49152:81HS7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpbu/nRFfjI7L0qb:8UHTPJg8z1mKnypSbRxo9JCm

Malware Config

Extracted

Family

orcus

Botnet

Новый тег

C2

31.44.184.52:61946

Mutex

sudo_qbg1j0h46x7enszn2tnro30h61swym1q

Attributes

  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\windowspoll\processjavascript.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • de107f166e3fa1c564284e76b005c21f62e4d01ceed69f42800e284cf565eb5a
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
