Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
91ce27e029579672316835d3df17f5aa
-
Size
5.7MB
-
Sample
231219-y3nv5scfam
-
MD5
91ce27e029579672316835d3df17f5aa
-
SHA1
d39f4e332ec82a34b36a9e3b443a7ba01bcbacf0
-
SHA256
2d691f32f85f4036a2d2557e6a8712642de87f2e4bd739bc646d2e1868247d91
-
SHA512
90c3cf668d63130dc465bd8ffd28d9c2eaeba029bc49b96caf01566142a2179095a565b1960777762163527be4b4b35581328345bb18e2049ce94923cfa16864
-
SSDEEP
98304:S1Ez2JuYuUTMQHW4sp3JI19j3whkpPsstK2gjibmB:72JhngQHW4FNwhkpHK2Nb
Static task
static1
Behavioral task
behavioral1
Sample
91ce27e029579672316835d3df17f5aa.exe
Resource
win7-20231215-en
Malware Config
Extracted
orcus
Client001
192.168.1.87:7005
606052efa3484cbfaac032f9ffb221f6
-
autostart_method
Registry
-
enable_keylogger
true
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
Temp\OrcusWatchdog.exe
Targets
-
-
Target
91ce27e029579672316835d3df17f5aa
-
Size
5.7MB
-
MD5
91ce27e029579672316835d3df17f5aa
-
SHA1
d39f4e332ec82a34b36a9e3b443a7ba01bcbacf0
-
SHA256
2d691f32f85f4036a2d2557e6a8712642de87f2e4bd739bc646d2e1868247d91
-
SHA512
90c3cf668d63130dc465bd8ffd28d9c2eaeba029bc49b96caf01566142a2179095a565b1960777762163527be4b4b35581328345bb18e2049ce94923cfa16864
-
SSDEEP
98304:S1Ez2JuYuUTMQHW4sp3JI19j3whkpPsstK2gjibmB:72JhngQHW4FNwhkpHK2Nb
-
Orcurs Rat Executable
-
Modifies file permissions
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-