General

  • Target

    0d1b061d992f3b0896c0f5c502a28c9a67077e243cbeec2b21238f1d95a08791

  • Size

    917KB

  • Sample

    240108-blql3shebr

  • MD5

    508b1b0a1d2010775a407e51a33d0f77

  • SHA1

    0d09c5d336995820776eba2cf04443f8c245b1cc

  • SHA256

    0d1b061d992f3b0896c0f5c502a28c9a67077e243cbeec2b21238f1d95a08791

  • SHA512

    ad5613cf6c89cd841d699fb2368d20a24d58aec2c4bcd2a31cd8a217735eb0c9cfa0cb261e4cf077d4d8ee722cd448fa173a30fcd489191138a8e7c76259ac6b

  • SSDEEP

    24576:MXV4MROxnFi3d1SrrcI0AilFEvxHjGHKQm:MXCMiozSrrcI0AilFEvxHjG

Malware Config

Extracted

Family

orcus

C2

nonamedc.mcv.kr:8080

Mutex

c251bc2f5db84605b3cca3d029f283ef

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    true

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    Temp\MSservice
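The extracted configuration above is the most actionable part of this report: the C2 host and port, the mutex, the install path, and the persistence names are each something a host or network hunt can key on. The block below is an added example, not Triage code or Orcus code. It parses the Extracted listing as rendered on this page into a dictionary, turns it into hunt indicators, and runs those indicators over a handful of constructed telemetry events. The %programfiles% expansion to both Program Files roots, the treatment of reconnect_delay as milliseconds, and the sample events are assumptions of the example, not facts stated on the page. Note the caveat the config itself carries: autostart_method is Disable, so the Run value and scheduled-task names are configured but the sample is not set to create them, and a hunt that only checks persistence artifacts could miss an active infection.

```python
"""Parse a Triage-style 'Malware Config / Extracted' block into hunt indicators.

Added example for this page, not Triage or Orcus code. CONFIG_TEXT is constructed
from the values shown on the page; everything else is this example's own layout.
"""
import re
from typing import Dict, List

# Constructed inline from the page's Extracted block (key line, then value line).
CONFIG_TEXT = """\
Family
orcus
C2
nonamedc.mcv.kr:8080
Mutex
c251bc2f5db84605b3cca3d029f283ef
Attributes
  • autostart_method
    Disable
  • enable_keylogger
    true
  • install_path
    %programfiles%\\Orcus\\Orcus.exe
  • reconnect_delay
    10000
  • registry_keyname
    Orcus
  • taskscheduler_taskname
    Orcus
  • watchdog_path
    Temp\\MSservice
"""

TOP_LEVEL_KEYS = ("Family", "C2", "Mutex")

# Assumption: a 32-bit build on 64-bit Windows resolves %programfiles% to
# "Program Files (x86)", so hunt for both roots rather than guessing bitness.
PROGRAMFILES_ROOTS = [r"C:\Program Files", r"C:\Program Files (x86)"]


def parse_config(text: str) -> Dict:
    """Turn the rendered key/value listing into a dict; bullet items nest under 'attributes'."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cfg: Dict = {"attributes": {}}
    i = 0
    while i < len(lines):
        ln = lines[i]
        if ln in TOP_LEVEL_KEYS and i + 1 < len(lines):
            cfg[ln.lower()] = lines[i + 1]
            i += 2
        elif ln.startswith("•") and i + 1 < len(lines):
            cfg["attributes"][ln.lstrip("• ").strip()] = lines[i + 1]
            i += 2
        else:  # section headers such as "Attributes" carry no value of their own
            i += 1
    return cfg


def expand_path(path: str) -> List[str]:
    """Expand a leading %programfiles% into every root we want to hunt for."""
    m = re.match(r"%programfiles%", path, re.I)
    if not m:
        return [path]
    rest = path[m.end():]
    return [root + rest for root in PROGRAMFILES_ROOTS]


def hunt_indicators(cfg: Dict) -> Dict:
    """Derive host and network indicators from the parsed config."""
    host, port = cfg["c2"].rsplit(":", 1)
    a = cfg["attributes"]
    return {
        "family": cfg["family"],
        "c2_host": host,
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        "install_paths": expand_path(a["install_path"]),
        # watchdog_path is relative on the page and its base directory is not
        # stated, so match on the path suffix instead of an absolute path.
        "watchdog_suffix": a["watchdog_path"],
        "registry_run_value": a.get("registry_keyname"),
        "scheduled_task": a.get("taskscheduler_taskname"),
        # autostart_method "Disable": persistence names exist in the config but the
        # sample is not configured to create them; their absence proves nothing.
        "persistence_expected": a.get("autostart_method", "").lower() != "disable",
        "keylogger": a.get("enable_keylogger", "").lower() == "true",
        "reconnect_delay_s": int(a["reconnect_delay"]) / 1000,  # assumed milliseconds
    }


# Constructed telemetry for the example, not events from the page's sandbox run.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Program Files (x86)\Orcus\Orcus.exe"},
    {"type": "dns", "query": "nonamedc.mcv.kr"},
    {"type": "mutex", "name": "c251bc2f5db84605b3cca3d029f283ef"},
    {"type": "process", "image": r"C:\Windows\System32\svchost.exe"},
    {"type": "file", "path": r"C:\Users\bob\AppData\Local\Temp\MSservice"},
]


def match_events(ind: Dict, events: List[Dict]) -> List[str]:
    """Return one hit string per event that matches a derived indicator."""
    hits: List[str] = []
    paths = {p.lower() for p in ind["install_paths"]}
    for ev in events:
        if ev["type"] == "process" and ev["image"].lower() in paths:
            hits.append(f"install_path:{ev['image']}")
        elif ev["type"] == "dns" and ev["query"].lower() == ind["c2_host"].lower():
            hits.append(f"c2_dns:{ev['query']}")
        elif ev["type"] == "mutex" and ev["name"] == ind["mutex"]:
            hits.append(f"mutex:{ev['name']}")
        elif ev["type"] == "file" and ev["path"].lower().endswith(ind["watchdog_suffix"].lower()):
            hits.append(f"watchdog:{ev['path']}")
    return hits


if __name__ == "__main__":
    indicators = hunt_indicators(parse_config(CONFIG_TEXT))
    for hit in match_events(indicators, SAMPLE_EVENTS):
        print(hit)
```

The mutex and the C2 hostname are the highest-confidence indicators here; the install path and the Orcus Run value and task names are reused across Orcus builds and are worth checking, but as noted in the config they may never be written by this particular sample.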

Targets

    • Target

      0d1b061d992f3b0896c0f5c502a28c9a67077e243cbeec2b21238f1d95a08791

    • Orcus

      Orcus is a Remote Access Trojan sold on underground forums.

    • Orcurs Rat Executable