General

  • Target

    bca4e0beda906c45befbc6a7f301bff2

  • Size

    730KB

  • Sample

    231228-ay45kahac9

  • MD5

    bca4e0beda906c45befbc6a7f301bff2

  • SHA1

    cc7ff3345dafad25f9c5444982c233330eaf7faa

  • SHA256

    00b0a8c827aa676690da206e1bc9c8ad8a1415087ba9421e1a9ac650e1a464f4

  • SHA512

    a760e67bbd3fcb03d604e29028bdcdd899a532b87b3282d5cff043d720c7e372df67309d6b010eb601a2fb3b0fb6d927029b969da146e0159e961d531a33bf1b

  • SSDEEP

    12288:Oh1Lk70TnvjcmZHL8BHF1NgkFGmLnBcCNkk1wkMAhhDrb+57XteUbSrjbrRd1bhl:Ck70TrcSkF1NjbnBcCHh9rCErjbrRdbl

Malware Config

Extracted

Family

orcus

Botnet

BAT

C2

xpert.dyndns.biz:10134

Mutex

20b2b43a3ef145c0b4e761b969ac6bc4

Attributes

  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\GraphicCard.exe

  • reconnect_delay

    10000

  • registry_keyname

    GraphicCard

  • taskscheduler_taskname

    GraphicCard

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcurs Rat Executable
