General

  • Target

    2532-3-0x00000000048F0000-0x00000000049D8000-memory.dmp

  • Size

    928KB

  • Sample

    231221-zfyx9sfee3

  • MD5

    6d99bba3ffbc4c029e953d479658eef5

  • SHA1

    b6a88678c8191bac0bf86070f3bfd5659dbd32e3

  • SHA256

    6de6597f716784711ab5fc1963876d14a35cdb94e1be89bb63d18292819bf300

  • SHA512

    133b0b33d249ecde914baf62ec0c8206d4d63b7d89891b761b1d820d55a349832d73038bdfca07e996bd86559549bb757c1490d3c8cf8c4733dd20e6deea5ece

  • SSDEEP

    12288:E0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCBfm9rR6WVZrpSAtkg7dG1lFlW+:7rX4MROxnFLi0rrcI0AilFEvxHjMQ

Malware Config

Extracted

Family

orcus

C2

27.124.3.19:6606

Mutex

4c33dfbaf34e43feafc90544c4a21347

Attributes

  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

  • Orcus RAT Executable
