General
-
Target
b7168a34637ac6e481638d9e4ad35ad73baf201695be358dfab0cb386bd1d715
-
Size
907KB
-
Sample
231216-blevksbce2
-
MD5
fe51273f21fb2144a9ec87a3efc98769
-
SHA1
16481c7404479cfc21e4f43282e6f1141e2bb6f2
-
SHA256
b7168a34637ac6e481638d9e4ad35ad73baf201695be358dfab0cb386bd1d715
-
SHA512
feb68f9a04b18c60ccc45376cfab9072a0ba60076f191efb30cc7a626d8499fcccfbd12a0e08b11e774ab8bc090e1e92d1ba358e3f8efbf737d92addb674c2cb
-
SSDEEP
12288:cfAVutoEzPRxyjqu7dG1lFlWcYT70pxnnaaoawQjKgRRAKrZNrI0AilFEvxHvBMJ:4fM4MROxnFOgHFrZlI0AilFEvxHif/J
Behavioral task
behavioral1
Sample
b7168a34637ac6e481638d9e4ad35ad73baf201695be358dfab0cb386bd1d715.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
b7168a34637ac6e481638d9e4ad35ad73baf201695be358dfab0cb386bd1d715.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
orcus
192.168.4.102:10134
0fbe883972954ad297506419450f10a9
-
autostart_method
Registry
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Targets
-
-
Target
b7168a34637ac6e481638d9e4ad35ad73baf201695be358dfab0cb386bd1d715
-
Score
6/10
-
Drops desktop.ini file(s)
-