General

  • Target

    eb604e30b417ed070deefd71d6f4b387b66542ec44604ba33d23cc9f3c562f5a

  • Size

    3.0MB

  • MD5

    ba871bd865a6d6b3c827103c388819d0

  • SHA1

    df0da12537fa33acfc8a8a9f308f485bf59c4fd6

  • SHA256

    eb604e30b417ed070deefd71d6f4b387b66542ec44604ba33d23cc9f3c562f5a

  • SHA512

    e1a78daf7ff92c1a1c09cd32f1104193726c7390ffcd58906958d182e588c8e10863d111733aec49ad076997000efca2e56a0832a79292abda4df3e37d64bb3f

  • SSDEEP

    49152:S1HS7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpbu/nRFfjI7L0qbm:SUHTPJg8z1mKnypSbRxo9JCm

Malware Config

Extracted

Family

orcus

Botnet

Новый тег

C2

31.44.184.52:51972

Mutex

sudo_srpiqkklx7ep2j58j2i7oyvpd6sx99h3

Attributes

  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\longpollrequest\httplinux.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • eb604e30b417ed070deefd71d6f4b387b66542ec44604ba33d23cc9f3c562f5a
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
