General
-
Target
a0aae538ed6845b3d9a3b69372faf03cf785a41e7071fc8f52e523f1f7f216c8
-
Size
941KB
-
Sample
240108-bkjr5saeh6
-
MD5
87b31513e784ff301c72d2e7d3c8c04b
-
SHA1
be7416f9f942390904c7d540d110a38cffdcf645
-
SHA256
a0aae538ed6845b3d9a3b69372faf03cf785a41e7071fc8f52e523f1f7f216c8
-
SHA512
cce552b678a50837174de14dfcb0f5d6d9304462e7d6b74dbfe655bd38ca99536a930def9bbdeee5548e041497394ddf6303c888c7f9138229991d40eb90294c
-
SSDEEP
24576:rAhZbW7uK6ywJPApFDKZHxieg5s7LN/iMj4NiN:YZbk6ywJPALOFg5sFiMj4NiN
Static task
static1
Behavioral task
behavioral1
Sample
a0aae538ed6845b3d9a3b69372faf03cf785a41e7071fc8f52e523f1f7f216c8.exe
Resource
win7-20231215-en
Malware Config
Extracted
orcus
nonamedc.mcv.kr:8080
fcca7214f2cf43aa90403230957e4103
-
autostart_method
Disable
-
enable_keylogger
true
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Targets
-
Orcurs Rat Executable
-
Suspicious use of SetThreadContext
-