General
Target: 0d1b061d992f3b0896c0f5c502a28c9a67077e243cbeec2b21238f1d95a08791
Size: 917KB
Sample: 240108-blql3shebr
MD5: 508b1b0a1d2010775a407e51a33d0f77
SHA1: 0d09c5d336995820776eba2cf04443f8c245b1cc
SHA256: 0d1b061d992f3b0896c0f5c502a28c9a67077e243cbeec2b21238f1d95a08791
SHA512: ad5613cf6c89cd841d699fb2368d20a24d58aec2c4bcd2a31cd8a217735eb0c9cfa0cb261e4cf077d4d8ee722cd448fa173a30fcd489191138a8e7c76259ac6b
SSDEEP: 24576:MXV4MROxnFi3d1SrrcI0AilFEvxHjGHKQm:MXCMiozSrrcI0AilFEvxHjG
Behavioral task: behavioral1
Sample: 0d1b061d992f3b0896c0f5c502a28c9a67077e243cbeec2b21238f1d95a08791.exe
Resource: win7-20231215-en
Malware Config
Extracted
orcus
nonamedc.mcv.kr:8080
c251bc2f5db84605b3cca3d029f283ef
autostart_method: Disable
enable_keylogger: true
install_path: %programfiles%\Orcus\Orcus.exe
reconnect_delay: 10000
registry_keyname: Orcus
taskscheduler_taskname: Orcus
watchdog_path: Temp\MSservice
Targets
Target: 0d1b061d992f3b0896c0f5c502a28c9a67077e243cbeec2b21238f1d95a08791
Orcurs Rat Executable