General

  • Target

    f92ecd2f6bffba875cff2acaece52947310a9f64f04df85c39d81af2b5a7b02c

  • Size

    903KB

  • Sample

    240108-bkg9bahebm

  • MD5

    bf396bf6dd657837ce952e40f4e030f4

  • SHA1

    2b0b36c6a1e12d403ab7bae5b70140c2872a0708

  • SHA256

    f92ecd2f6bffba875cff2acaece52947310a9f64f04df85c39d81af2b5a7b02c

  • SHA512

    2b7a05c1b1faf40ef1999e2357a2e4f7435dcb54a1565641db57ef8afb6a27aa704e6bc4c71ba657de7f0ee69198bf6e5099199350cf26f9196655d354c8bb90

  • SSDEEP

    12288:P0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCBfm9rR6W7BaepBwzo7dG1lFlWn:8am4MROxnF4OVrrcI0AilFEvxHPUooh

Malware Config

Extracted

Family

orcus

C2

192.168.219.110:10134

Mutex

7721b8ea063b4ed197de8e8ffe0ccbc0

Attributes

  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcurs Rat Executable

MITRE ATT&CK Matrix

Tasks