General
-
Target
d19d786da036360b868027953205c8c8cf1cf76b51d55877ce339c9bdfbe557f
-
Size
927KB
-
Sample
240108-bhx7raheal
-
MD5
9baeb22d2b5288da9ef53d039c4b5630
-
SHA1
d393638f3f423762f4274462938e335a31072aac
-
SHA256
d19d786da036360b868027953205c8c8cf1cf76b51d55877ce339c9bdfbe557f
-
SHA512
1e1104d54edfca2ce2ced15cb5cdc398638e5eec18c190b8d4fce7448f499c19c70da83fafd6c5215714467e66190f2165abb0631b8e3164f79a5f4dd642bdc6
-
SSDEEP
24576:tns4MROxnFE3Mdc1RRrZlI0AilFEvxHiEk:tn/MiuPbRrZlI0AilFEvxHi
Behavioral task
behavioral1
Sample
d19d786da036360b868027953205c8c8cf1cf76b51d55877ce339c9bdfbe557f.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
d19d786da036360b868027953205c8c8cf1cf76b51d55877ce339c9bdfbe557f.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
orcus
nonamedc.mcv.kr:8080
92039850e11043b0be3d5269813722b1
-
autostart_method
Registry
-
enable_keylogger
true
-
install_path
%programfiles%\WSupdate\WSupdate.exe
-
reconnect_delay
10000
-
registry_keyname
WSupdate
-
taskscheduler_taskname
Orcus
-
watchdog_path
Temp\WSupdate.exe
Targets
-
Target
d19d786da036360b868027953205c8c8cf1cf76b51d55877ce339c9bdfbe557f
-
Score
6/10
-
Drops desktop.ini file(s)
-