General

  • Target

    78978a36b56e68b07d49c3e380f30c7c12668edc3bb71761c2bd8b05b416fcb1.exe.zip

  • Size

    594KB

  • MD5

    265070e0f82f80200be6b96918851eeb

  • SHA1

    340b6fef433dad64566f85c30cff6e97c8ff3194

  • SHA256

    435d7ca89b2a10c4ef440c1852835db8485145a2565612410ac491b94e450251

  • SHA512

    dcacba10e49659d3650ca2578afc01eb24a762aa07caeb35d3c70f0ebfc75f4a6a7f531909ae17bd684ab0e9d0e6500fd03e4b5955e83bd6ee5ba750da470563

  • SSDEEP

    12288:h9IqPnTbg/MOBpxaKM70ewTTls8zAbY256D9c4Jk7bUObFebbkYVG:hZb3OBz3Mw9TDzS5u2bbIbkYo

Score

10/10

Malware Config

Extracted

Family

orcus

Botnet

Default

C2

216.170.120.141:42069

Mutex

c9015774f0ad4366bafd53ee00a5ef2f

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %programfiles%\Taber LLC\RMM\rmm.exe

  • reconnect_delay

    10000

  • registry_keyname

    RMM

  • taskscheduler_taskname

    RMM

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 78978a36b56e68b07d49c3e380f30c7c12668edc3bb71761c2bd8b05b416fcb1.exe.zip
    .zip

    Password: infected

  • 78978a36b56e68b07d49c3e380f30c7c12668edc3bb71761c2bd8b05b416fcb1.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744