General

  • Target

    5de27d41560716e77970ad4a0818aaa3af2bcfaf84278d9ccdbcb78bf41a8010

  • Size

    914KB

  • MD5

    235c483d27fabab5d2b6acdb0cc95d9a

  • SHA1

    783de4b8139fdc19d22fe60ec03e1f26f51f2342

  • SHA256

    5de27d41560716e77970ad4a0818aaa3af2bcfaf84278d9ccdbcb78bf41a8010

  • SHA512

    bca1ace766f987ea0ec92dc9586d180bae2585712634ff2d59f3123ab7c7f2f957603916701345043db03d339f5aeced1ec1901695196ec47b72a12d20db76b9

  • SSDEEP

    24576:Z554MROxnFTH/rrcI0AilFEvxHPlCooU:ZQMiVrrcI0AilFEvxHPl

Score
10/10

Malware Config

Extracted

Family

orcus

C2

192.168.0.104:10134

Mutex

074f3e9137354e019a8839122c4f7df6

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %programfiles%\microsoft\microsoft.exe

  • reconnect_delay

    10000

  • registry_keyname

    uyer

  • taskscheduler_taskname

    uyer

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5de27d41560716e77970ad4a0818aaa3af2bcfaf84278d9ccdbcb78bf41a8010
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
