General
Target: 50c1d2e9ca2c339ee1d4dde094dd9680505bb13cba75c53af408dabbc209ecee
Size: 2.9MB
Sample: 231221-ckmz8sfcel
MD5: 5afad0c2ad5b3e6aa2e77756104e3b62
SHA1: f5493d742da9890b6fd60476dd52eee1b1b1c445
SHA256: 50c1d2e9ca2c339ee1d4dde094dd9680505bb13cba75c53af408dabbc209ecee
SHA512: cd53233220d7b3c354999e336a4ee7d5a3fadc803fff81c9717eff92b0a8fe83522ffd80b5aa7e0ce695d0ea6add32d982030b34898fcafa32f2023a9aed8bbd
SSDEEP: 49152:VOrN8QFUwqYZeM9/ZzzBjMkPUayX82+YXAypQxb9ndo9JnCmjWncFf0I74gu3wMc:VE0wGGzBjryX82uypSb9ndo9JCmp
Behavioral task
behavioral1
Sample: 50c1d2e9ca2c339ee1d4dde094dd9680505bb13cba75c53af408dabbc209ecee.exe
Resource: win7-20231215-en
Malware Config
Extracted
Family: orcus
C2: following-s.gl.at.ply.gg:38914
41f3efa141e34614a0c4fe5e1092cae0
autostart_method: Disable
enable_keylogger: false
install_path: %programfiles%\Orcus\Orcus.exe
reconnect_delay: 10000
registry_keyname: Orcus
taskscheduler_taskname: Orcus
watchdog_path: AppData\OrcusWatchdog.exe
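The extracted configuration above is most useful to a responder once it is turned into concrete host and network indicators: the C2 host and port, the two file paths the implant would use if it installed itself, the Run-key value name and the scheduled-task name. The script below is an added example, not code from tria.ge or from the Orcus project: it parses the flattened key/value listing exactly as the report prints it, derives the indicators, and matches them against a constructed host snapshot. The expansion of %programfiles% to C:\Program Files and of the relative AppData\ prefix to the user's Roaming directory, the user name "victim", and the shape of the snapshot (lists of files, Run-key value names, task names and remote endpoints) are all assumptions made for the example; the third config line is left unlabeled because the report does not name it.

```python
"""
Added example (not from the tria.ge report or the Orcus project): turn the
extracted Orcus configuration into host/network indicators and match them
against a constructed host snapshot. Field names are the ones Triage prints.
"""
import ntpath
from typing import Dict, List, Tuple

# Constructed input: the config block copied as the report prints it.
TRIAGE_CONFIG_TEXT = """
orcus
following-s.gl.at.ply.gg:38914
41f3efa141e34614a0c4fe5e1092cae0
-
autostart_method
Disable
-
enable_keylogger
false
-
install_path
%programfiles%\\Orcus\\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\\OrcusWatchdog.exe
"""

# ASSUMPTION: how the implant's path tokens resolve on the victim host.
ASSUMED_ENV = {
    "%programfiles%": r"C:\Program Files",
    "AppData": r"C:\Users\victim\AppData\Roaming",
}


def parse_triage_config(text: str) -> Dict[str, str]:
    """Parse Triage's flattened 'key / value / -' listing into a dict.
    The first three unlabeled lines are family, C2 and an unnamed value."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    cfg = {"family": lines[0], "c2": lines[1], "unlabeled": lines[2]}
    rest = lines[3:]
    if len(rest) % 2:
        raise ValueError("unpaired key/value in config listing")
    for key, value in zip(rest[0::2], rest[1::2]):
        cfg[key] = value
    return cfg


def split_c2(c2: str) -> Tuple[str, int]:
    """'host:port' -> (host, port); rpartition tolerates IPv6-style colons."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def expand_path(path: str, env: Dict[str, str] = ASSUMED_ENV) -> str:
    """Replace a leading %programfiles% / AppData token with its assumed value."""
    for token, value in env.items():
        if path.lower().startswith(token.lower()):
            return ntpath.join(value, path[len(token):].lstrip("\\"))
    return path


def build_iocs(cfg: Dict[str, str]) -> Dict[str, object]:
    """Derive comparable (lower-cased) indicators from the parsed config."""
    host, port = split_c2(cfg["c2"])
    return {
        "c2_host": host.lower(),
        "c2_port": port,
        "files": {expand_path(cfg["install_path"]).lower(),
                  expand_path(cfg["watchdog_path"]).lower()},
        "run_key_value": cfg["registry_keyname"].lower(),
        "task_name": cfg["taskscheduler_taskname"].lower(),
        # 'Disable' means this build does not persist via Run key or task;
        # the names above are still worth checking in case the sample is reconfigured.
        "autostart_enabled": cfg["autostart_method"].lower() != "disable",
    }


def match_host(iocs: Dict[str, object], snapshot: Dict[str, list]) -> List[Tuple[str, str]]:
    """Return (kind, artifact) pairs for every indicator present in the snapshot."""
    hits: List[Tuple[str, str]] = []
    for f in snapshot.get("files", []):
        if f.lower() in iocs["files"]:
            hits.append(("file", f))
    for v in snapshot.get("run_values", []):
        if v.lower() == iocs["run_key_value"]:
            hits.append(("run_key", v))
    for t in snapshot.get("tasks", []):
        if t.lower() == iocs["task_name"]:
            hits.append(("task", t))
    for h, p in snapshot.get("connections", []):
        if h.lower() == iocs["c2_host"] and p == iocs["c2_port"]:
            hits.append(("c2", f"{h}:{p}"))
    return hits


# Constructed host snapshot: two real hits (file, task, C2) mixed with benign entries.
SAMPLE_SNAPSHOT = {
    "files": [r"C:\Program Files\Orcus\Orcus.exe", r"C:\Windows\System32\notepad.exe"],
    "run_values": ["OneDrive", "SecurityHealth"],
    "tasks": ["Orcus", "MicrosoftEdgeUpdateTaskMachineCore"],
    "connections": [("following-s.gl.at.ply.gg", 38914), ("update.microsoft.com", 443)],
}

if __name__ == "__main__":
    iocs = build_iocs(parse_triage_config(TRIAGE_CONFIG_TEXT))
    for kind, artifact in match_host(iocs, SAMPLE_SNAPSHOT):
        print(f"HIT {kind}: {artifact}")
```

The C2 is a playit.gg tunnel hostname, so the indicator to block is the host and port rather than an IP; resolve it at triage time and record the answer, since tunnel endpoints change.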
Targets
Target: 50c1d2e9ca2c339ee1d4dde094dd9680505bb13cba75c53af408dabbc209ecee
Size: 2.9MB
MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values in the General section above.
Signatures triggered:
- Orcus RAT executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE