General
Target: 2532-3-0x00000000048F0000-0x00000000049D8000-memory.dmp
Size: 928KB
Sample: 231221-zfyx9sfee3
MD5: 6d99bba3ffbc4c029e953d479658eef5
SHA1: b6a88678c8191bac0bf86070f3bfd5659dbd32e3
SHA256: 6de6597f716784711ab5fc1963876d14a35cdb94e1be89bb63d18292819bf300
SHA512: 133b0b33d249ecde914baf62ec0c8206d4d63b7d89891b761b1d820d55a349832d73038bdfca07e996bd86559549bb757c1490d3c8cf8c4733dd20e6deea5ece
SSDEEP: 12288:E0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCBfm9rR6WVZrpSAtkg7dG1lFlW+:7rX4MROxnFLi0rrcI0AilFEvxHjMQ
Behavioral task
behavioral1
Sample: 2532-3-0x00000000048F0000-0x00000000049D8000-memory.exe
Resource: win7-20231215-en
Malware Config
Extracted
orcus
27.124.3.19:6606
4c33dfbaf34e43feafc90544c4a21347
autostart_method: Disable
enable_keylogger: false
install_path: %programfiles%\Orcus\Orcus.exe
reconnect_delay: 10000
registry_keyname: Orcus
taskscheduler_taskname: Orcus
watchdog_path: AppData\OrcusWatchdog.exe
Targets
Target: 2532-3-0x00000000048F0000-0x00000000049D8000-memory.dmp
Orcurs Rat Executable