General
- Target: bca4e0beda906c45befbc6a7f301bff2
- Size: 730KB
- Sample: 231228-ay45kahac9
- MD5: bca4e0beda906c45befbc6a7f301bff2
- SHA1: cc7ff3345dafad25f9c5444982c233330eaf7faa
- SHA256: 00b0a8c827aa676690da206e1bc9c8ad8a1415087ba9421e1a9ac650e1a464f4
- SHA512: a760e67bbd3fcb03d604e29028bdcdd899a532b87b3282d5cff043d720c7e372df67309d6b010eb601a2fb3b0fb6d927029b969da146e0159e961d531a33bf1b
- SSDEEP: 12288:Oh1Lk70TnvjcmZHL8BHF1NgkFGmLnBcCNkk1wkMAhhDrb+57XteUbSrjbrRd1bhl:Ck70TrcSkF1NjbnBcCHh9rCErjbrRdbl
Static task
- static1

Behavioral task
- behavioral1
  - Sample: bca4e0beda906c45befbc6a7f301bff2.exe
  - Resource: win7-20231215-en

Behavioral task
- behavioral2
  - Sample: bca4e0beda906c45befbc6a7f301bff2.exe
  - Resource: win10v2004-20231222-en
Malware Config
Extracted
- Family: orcus
- BAT
- xpert.dyndns.biz:10134
- 20b2b43a3ef145c0b4e761b969ac6bc4
- autostart_method: TaskScheduler
- enable_keylogger: true
- install_path: %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\GraphicCard.exe
- reconnect_delay: 10000
- registry_keyname: GraphicCard
- taskscheduler_taskname: GraphicCard
- watchdog_path: AppData\OrcusWatchdog.exe
Targets
- Target: bca4e0beda906c45befbc6a7f301bff2
  - Size: 730KB
  - MD5: bca4e0beda906c45befbc6a7f301bff2
  - SHA1: cc7ff3345dafad25f9c5444982c233330eaf7faa
  - SHA256: 00b0a8c827aa676690da206e1bc9c8ad8a1415087ba9421e1a9ac650e1a464f4
  - SHA512: a760e67bbd3fcb03d604e29028bdcdd899a532b87b3282d5cff043d720c7e372df67309d6b010eb601a2fb3b0fb6d927029b969da146e0159e961d531a33bf1b
  - SSDEEP: 12288:Oh1Lk70TnvjcmZHL8BHF1NgkFGmLnBcCNkk1wkMAhhDrb+57XteUbSrjbrRd1bhl:Ck70TrcSkF1NjbnBcCHh9rCErjbrRdbl
  - Signatures: Orcurs Rat Executable