General

  • Target

    b8a4b96e05940a81a14122f78a6fa3a796615c325a6d44c344fc83cf38100547.exe.zip

  • Size

    594KB

  • MD5

    c184ac2ab6f4202d48464a5eb6a530d7

  • SHA1

    6a7a857f86582fe28b1e9da9b6ac7d08101ae622

  • SHA256

    ec77f944e611cea60295de5b42e23a32c688b2d7ecadcb0a01977e38504ada86

  • SHA512

    188cc8b371cc4fe1b74bf9627687396451af1e81645606ad4f71dd26526ce81755f29a444fb5cefe2c0f38dedc668515ff242b4608541f9afe1371b0f60ce169

  • SSDEEP

    12288:1F+113I/lostvds4guEDHSLt6IlK/FE6NuTiwD5Ov4g1KoNC0wa/mJ0C6:1u13I/lostvdguEbSwI+2DTiwD5Ov3NZ

Score

10/10

Malware Config

Extracted

Family

orcus

Botnet

NewPro

C2

216.170.120.141:42069

Mutex

d3d52ea46f88416fac4938bc6eb0a5d0

Attributes

  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %programfiles%\Taber LLC\RMM\rmm.exe

  • reconnect_delay

    10000

  • registry_keyname

    RMM

  • taskscheduler_taskname

    RMM

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • b8a4b96e05940a81a14122f78a6fa3a796615c325a6d44c344fc83cf38100547.exe.zip
    .zip

    Password: infected

  • b8a4b96e05940a81a14122f78a6fa3a796615c325a6d44c344fc83cf38100547.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
