General
- Target: b7bcc2956573b5bb7847d280edca2134d50781c43305904c6c5c5d327631516e
- Size: 3.0MB
- Sample: 231216-bjlkcahggk
- MD5: f1079cd53751a4d8092a532c07f8e837
- SHA1: d8bb9b8e4c54d50385054bf4367702429aeda7bd
- SHA256: b7bcc2956573b5bb7847d280edca2134d50781c43305904c6c5c5d327631516e
- SHA512: 1417a0f109d56d97475304ca690ea6a4e71b7f5937dc5c7b355e1a172ab0e375cd0eb0ecbf297c7d9f4703c81338b5b6ce01bded0090d9f568bf8da80b9b0ab8
- SSDEEP: 49152:5GPEKO3T5adZKM0sz5otCeEvsDKx+msbfGGW8wlBKJwAypQxbxEo9JnCmmBrrzIu:5CtODUKTslWp2MpbfGGilIJPypSbxEor
Behavioral task: behavioral1
- Sample: b7bcc2956573b5bb7847d280edca2134d50781c43305904c6c5c5d327631516e.exe
- Resource: win7-20231215-en
Malware Config
Extracted
- Family: orcus
- C2: 5.tcp.eu.ngrok.io:17730 (an ngrok TCP tunnel endpoint: the operator's real host sits behind ngrok, and the hostname/port pair can be reassigned, so treat it as a short-lived indicator)
- Other extracted values (unlabeled in the report): KLauncher; da69058839134507b85e2e9518dddfb4
- autostart_method: Registry
- enable_keylogger: true
- install_path: %programfiles%\Orcus\Orcus.exe
- reconnect_delay: 10000
- registry_keyname: Orcus
- taskscheduler_taskname: Orcus
- watchdog_path: AppData\OrcusWatchdog.exe
Targets
- Target: b7bcc2956573b5bb7847d280edca2134d50781c43305904c6c5c5d327631516e (3.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
  Signatures:
  - Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
  - Orcurs Rat Executable (signature name as listed in the report; it identifies the Orcus RAT)
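The extracted config (C2 endpoint, install and watchdog paths, Run-key value name, scheduled-task name) and the Defender-tampering signature above translate directly into host-hunting checks. The block below is an added example written for this page; it is not part of the tria.ge report or of Orcus itself. It assumes its own simplified Sysmon/Security-log-style event schema and a hypothetical %programfiles% expansion, and the sample events are constructed, not taken from the sandbox run. It also generalizes the C2 entry to any ngrok TCP tunnel hostname as a weaker indicator, and covers the two Defender settings the signature description names (realtime monitoring, block at first seen) both as a Set-MpPreference command line and as the policy registry values those settings are written to.

```python
"""Hunt for host artifacts matching the Orcus config extracted in this report.

Added example, not part of the tria.ge report. Event records are a simplified
Sysmon/Security-log-style schema of our own; sample events are constructed.
"""
import re

# Values copied verbatim from the Malware Config section of the report.
ORCUS_CONFIG = {
    "c2": "5.tcp.eu.ngrok.io:17730",
    "install_path": r"%programfiles%\Orcus\Orcus.exe",
    "watchdog_path": r"AppData\OrcusWatchdog.exe",
    "registry_keyname": "Orcus",
    "taskscheduler_taskname": "Orcus",
}

# Assumed environment-variable expansion for the host being checked (hypothetical).
ENV = {"programfiles": r"C:\Program Files"}

# Defender preferences named by the "disable Windows Defender" signature
# (same names appear as Set-MpPreference switches and as policy DWORD values).
DEFENDER_FLAGS = ("disablerealtimemonitoring", "disableblockatfirstseen")

RUN_VALUE_RE = re.compile(r"\\currentversion\\run\\([^\\]+)$")
NGROK_TCP_RE = re.compile(r"^\d+\.tcp(\.[a-z]+)?\.ngrok\.io$")


def expand_env(path: str) -> str:
    """Expand %var% tokens using ENV; unknown tokens are left untouched."""
    return re.sub(r"%([^%]+)%",
                  lambda m: ENV.get(m.group(1).lower(), m.group(0)), path)


def build_indicators(cfg: dict) -> dict:
    """Normalise the config into lower-cased, comparable indicator values."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "install_path": expand_env(cfg["install_path"]).lower(),
        # watchdog_path is relative in the config, so match on a path suffix
        "watchdog_suffix": "\\" + cfg["watchdog_path"].lower(),
        "run_value": cfg["registry_keyname"].lower(),
        "task_name": cfg["taskscheduler_taskname"].lower(),
    }


def match_event(ev: dict, ind: dict) -> list:
    """Return the indicator names an event matches (empty list if none)."""
    hits = []
    t = ev["type"]
    if t == "network":
        host = ev["dest_host"].lower()
        if host == ind["c2_host"] and ev["dest_port"] == ind["c2_port"]:
            hits.append("c2_exact")
        elif NGROK_TCP_RE.match(host):
            hits.append("ngrok_tcp_tunnel")  # weaker: any ngrok TCP endpoint
    elif t == "registry_set":
        obj = ev["target_object"].lower()
        m = RUN_VALUE_RE.search(obj)
        if m and m.group(1) == ind["run_value"]:
            hits.append("autostart_run_value")
        # policy values under ...\Policies\Microsoft\Windows Defender\... set to 1
        if ("windows defender" in obj and obj.rsplit("\\", 1)[-1] in DEFENDER_FLAGS
                and ev.get("details", "").endswith("0x00000001)")):
            hits.append("defender_disabled_via_policy")
    elif t == "file_create":
        path = ev["path"].lower()
        if path == ind["install_path"]:
            hits.append("install_path")
        if path.endswith(ind["watchdog_suffix"]):
            hits.append("watchdog_path")
    elif t == "task_create":
        if ev["task_name"].lower().lstrip("\\") == ind["task_name"]:
            hits.append("scheduled_task")
    elif t == "process_create":
        cmd = ev["command_line"].lower()
        if "set-mppreference" in cmd and any(f in cmd for f in DEFENDER_FLAGS):
            hits.append("defender_tamper_cmdline")
    return hits


def hunt(events: list, cfg: dict = ORCUS_CONFIG) -> dict:
    """Map event id -> matched indicator names, only for events that matched."""
    ind = build_indicators(cfg)
    return {ev["id"]: hits for ev in events if (hits := match_event(ev, ind))}


# Constructed sample telemetry, not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"id": 1, "type": "network", "dest_host": "5.tcp.eu.ngrok.io", "dest_port": 17730},
    {"id": 2, "type": "registry_set",
     "target_object": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Orcus"},
    {"id": 3, "type": "file_create", "path": r"C:\Program Files\Orcus\Orcus.exe"},
    {"id": 4, "type": "file_create", "path": r"C:\Users\alice\AppData\OrcusWatchdog.exe"},
    {"id": 5, "type": "task_create", "task_name": r"\Orcus"},
    {"id": 6, "type": "process_create",
     "command_line": 'powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"'},
    {"id": 7, "type": "registry_set",
     "target_object": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\DisableBlockAtFirstSeen",
     "details": "DWORD (0x00000001)"},
    {"id": 8, "type": "network", "dest_host": "www.example.com", "dest_port": 443},
    {"id": 9, "type": "registry_set",
     "target_object": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"id": 10, "type": "network", "dest_host": "0.tcp.ngrok.io", "dest_port": 12345},
]

if __name__ == "__main__":
    for event_id, matched in hunt(SAMPLE_EVENTS).items():
        print(event_id, matched)
```

The exact C2 match is the highest-confidence hit but also the most perishable, since ngrok reassigns tunnel hostnames and ports; the Run value, task name, install path and watchdog path are fixed in the config and survive C2 rotation, so they are the indicators to keep in a long-lived rule. The ngrok-tunnel and Defender checks are broader than this sample and will match other tooling, so score them lower.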