General
- Target: ce105262f1514791fe43496104c8ccdc4217757268a25c7b293ba4c034b99474
- Size: 911KB
- Sample: 231210-bdnshsbbbk
- MD5: 39dfe618dabddd313ee910e3113b7511
- SHA1: 3613eb45fc6460ae37a560a58bbd97d3dbd1b97a
- SHA256: ce105262f1514791fe43496104c8ccdc4217757268a25c7b293ba4c034b99474
- SHA512: bcd454f3e8fe48a2e39a33c946d93692e8545ff839ad2007cf14491a11cc7c36cc9eeb1e81552c98f1e1aece3337dd59ef309586b38f41c10b96ddc6a865f238
- SSDEEP: 24576:4mHR4MROxnFGjUISrrcI0AilFEvxHPtTIooL:buMiYSrrcI0AilFEvxHP
Behavioral task: behavioral1
- Sample: ce105262f1514791fe43496104c8ccdc4217757268a25c7b293ba4c034b99474.exe
- Resource: win7-20231129-en
Malware Config
Extracted: orcus
- 192.168.1.76:7778
- afd6c48a4d3f48e4bfa6b1c34c905a2e
- autostart_method: Disable
- enable_keylogger: true
- install_path: %programfiles%\Orcus\Orcus.exe
- reconnect_delay: 10000
- registry_keyname: Orcus
- taskscheduler_taskname: Orcus
- watchdog_path: AppData\OrcusWatchdog.exe
Targets
- Target: ce105262f1514791fe43496104c8ccdc4217757268a25c7b293ba4c034b99474 (size and hashes as listed under General)
- Orcus main payload
- Orcurs Rat Executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL