General

  • Target

    d19d786da036360b868027953205c8c8cf1cf76b51d55877ce339c9bdfbe557f

  • Size

    927KB

  • Sample

    240108-bhx7raheal

  • MD5

    9baeb22d2b5288da9ef53d039c4b5630

  • SHA1

    d393638f3f423762f4274462938e335a31072aac

  • SHA256

    d19d786da036360b868027953205c8c8cf1cf76b51d55877ce339c9bdfbe557f

  • SHA512

    1e1104d54edfca2ce2ced15cb5cdc398638e5eec18c190b8d4fce7448f499c19c70da83fafd6c5215714467e66190f2165abb0631b8e3164f79a5f4dd642bdc6

  • SSDEEP

    24576:tns4MROxnFE3Mdc1RRrZlI0AilFEvxHiEk:tn/MiuPbRrZlI0AilFEvxHi

Score
10/10

Malware Config

Extracted

Family

orcus

C2

nonamedc.mcv.kr:8080

Mutex

92039850e11043b0be3d5269813722b1

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\WSupdate\WSupdate.exe

  • reconnect_delay

    10000

  • registry_keyname

    WSupdate

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    Temp\WSupdate.exe
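The extracted configuration above is the useful output of this report: it names the persistence value (a Run key entry called WSupdate), the scheduled task (Orcus), the install path under %programfiles%, a watchdog copy under Temp, the mutex and the C2 endpoint. The following is an added example, not code from tria.ge or from the Orcus project, that turns those values into host-hunting checks. It assumes that the %programfiles% token may resolve to either Program Files directory on a 64-bit host, that the watchdog lands somewhere under a user's Temp directory (only the relative tail is known, so it is matched as a path suffix), and that the host telemetry it is run against is a constructed sample made up for the demonstration.

```python
"""Derive hunting indicators from the Orcus config in the report and match
them against collected host telemetry (constructed sample data below)."""
import re

# Values copied from the report's "Malware Config" section.
CONFIG = {
    "c2": "nonamedc.mcv.kr:8080",
    "mutex": "92039850e11043b0be3d5269813722b1",
    "autostart_method": "Registry",
    "install_path": r"%programfiles%\WSupdate\WSupdate.exe",
    "registry_keyname": "WSupdate",
    "taskscheduler_taskname": "Orcus",
    "watchdog_path": r"Temp\WSupdate.exe",
}

# Assumption: %programfiles% may resolve to either directory on a 64-bit host,
# depending on whether the RAT runs as a 32-bit or 64-bit process.
PROGRAM_FILES_DIRS = (r"C:\Program Files", r"C:\Program Files (x86)")
# Assumption: autostart_method "Registry" means a standard Run key entry.
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)


def expand_install_paths(install_path):
    """Expand the %programfiles% token into every concrete path to look for."""
    tail = re.sub(r"^%programfiles%", "", install_path, flags=re.IGNORECASE)
    return [d + tail for d in PROGRAM_FILES_DIRS]


def build_indicators(config):
    """Derive persistence, file, mutex and network indicators (lower-cased)."""
    host, port = config["c2"].rsplit(":", 1)
    return {
        "install_paths": {p.lower() for p in expand_install_paths(config["install_path"])},
        # Only the relative tail of the watchdog path is known; match it as a suffix.
        "watchdog_suffix": ("\\" + config["watchdog_path"]).lower(),
        "run_value_name": config["registry_keyname"].lower(),
        "task_name": config["taskscheduler_taskname"].lower(),
        "mutex": config["mutex"].lower(),
        "c2_host": host.lower(),
        "c2_port": int(port),
    }


def match_host(indicators, telemetry):
    """Return a list of findings for one host.

    telemetry keys (constructed by the caller):
      run_values:  list of (key, value_name, data)
      tasks:       list of scheduled task names
      files:       list of full file paths
      mutexes:     list of mutex names
      connections: list of (remote_host, remote_port)
    """
    findings = []
    for key, name, data in telemetry.get("run_values", []):
        if key in RUN_KEYS and name.lower() == indicators["run_value_name"]:
            findings.append(f"run key {key}\\{name} -> {data}")
        # Catch a renamed value whose data still points at the install path.
        if data.strip('"').lower() in indicators["install_paths"]:
            findings.append(f"run key data points at install path: {data}")
    for task in telemetry.get("tasks", []):
        if task.lstrip("\\").lower() == indicators["task_name"]:
            findings.append(f"scheduled task named {task}")
    for path in telemetry.get("files", []):
        lp = path.lower()
        if lp in indicators["install_paths"]:
            findings.append(f"install path present: {path}")
        elif lp.endswith(indicators["watchdog_suffix"]):
            findings.append(f"watchdog binary present: {path}")
    for mutex in telemetry.get("mutexes", []):
        if mutex.lower() == indicators["mutex"]:
            findings.append(f"mutex present: {mutex}")
    for host, port in telemetry.get("connections", []):
        if host.lower() == indicators["c2_host"] and port == indicators["c2_port"]:
            findings.append(f"connection to C2 {host}:{port}")
    return findings


# Constructed telemetry for one infected host (not real data).
SAMPLE_TELEMETRY = {
    "run_values": [
        (RUN_KEYS[0], "WSupdate", r'"C:\Program Files\WSupdate\WSupdate.exe"'),
        (RUN_KEYS[0], "OneDrive", r"C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe"),
    ],
    "tasks": ["\\Orcus", "\\Microsoft\\Windows\\UpdateOrchestrator\\Schedule Scan"],
    "files": [r"C:\Users\a\AppData\Local\Temp\WSupdate.exe",
              r"C:\Program Files (x86)\WSupdate\WSupdate.exe"],
    "mutexes": ["92039850E11043B0BE3D5269813722B1"],
    "connections": [("nonamedc.mcv.kr", 8080), ("example.com", 443)],
}

if __name__ == "__main__":
    for line in match_host(build_indicators(CONFIG), SAMPLE_TELEMETRY):
        print(line)
```

The mutex and the Run value name are the cheapest checks to push out fleet-wide; the install path should be matched in both Program Files directories because the config only records the token, not which directory the sample actually resolved it to on the victim.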

Targets

    • Target

      d19d786da036360b868027953205c8c8cf1cf76b51d55877ce339c9bdfbe557f

    • Size

      927KB

    • MD5

      9baeb22d2b5288da9ef53d039c4b5630

    • SHA1

      d393638f3f423762f4274462938e335a31072aac

    • SHA256

      d19d786da036360b868027953205c8c8cf1cf76b51d55877ce339c9bdfbe557f

    • SHA512

      1e1104d54edfca2ce2ced15cb5cdc398638e5eec18c190b8d4fce7448f499c19c70da83fafd6c5215714467e66190f2165abb0631b8e3164f79a5f4dd642bdc6

    • SSDEEP

      24576:tns4MROxnFE3Mdc1RRrZlI0AilFEvxHiEk:tn/MiuPbRrZlI0AilFEvxHi

    Score
    6/10
    • Drops desktop.ini file(s)
